vendor:
Creative Guestbook 1.0
by:
Dj7xpl
N/A
CVSS
N/A
Add Remote Admin User, Cross Site Scripting
CWE
Product Name: Creative Guestbook 1.0
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: No
Related CWE:
CPE:
Platforms Tested: Unknown
Unknown
Creative Guestbook 1.0 Add Remote Admin User and Cross Site Scripting Vulnerability
The Creative Guestbook 1.0 portal allows an attacker to add a remote admin user and perform cross site scripting attacks. The portal can be downloaded from http://www.thecreativeheads.de/CreativeFiles/downloads.php. The vulnerability can be exploited by inserting malicious scripts in the Guestbook.php file. An example script is <script> alert (' dj7xpl ^_^ ') </script>.
Mitigation:
Unknown