Vendor: Guestbook
By: SecurityFocus
CVSS: 3.3 (MEDIUM)
Type: HTML Injection
CWE: 79
Product Name: Guestbook
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Guestbook HTML Injection Vulnerability

Guestbook does not adequately filter HTML tags from various fields. This may enable an attacker to inject arbitrary script code into pages that are generated by the guestbook. The attacker's script code may be executed in the web client of arbitrary users who view the pages generated by the guestbook, in the security context of the website running the software.

Mitigation:

Input validation should be used to ensure that user-supplied data does not contain malicious HTML code.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6686/info

The following proof of concept was provided by inserting malicious HTML code into the Title, Name and Comment fields:

<script>alert('test')</script>
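
The mitigation above, shown as an added example (not code from the Guestbook product or the advisory): input validation on the Title, Name and Comment fields, combined with output encoding when the page is generated. The field keys, length limits and HTML template are assumptions made for illustration.

```python
import html
import re

FIELDS = ("title", "name", "comment")   # the three fields named in the advisory
MAX_LEN = {"title": 80, "name": 40, "comment": 2000}   # assumed limits
CONTROL = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")
TEMPLATE = '<div class="entry"><h3>{title}</h3><b>{name}</b><p>{comment}</p></div>'

# Constructed sample: the page's proof-of-concept string in all three fields.
POC = "<script>alert('test')</script>"
SAMPLE = {field: POC for field in FIELDS}


def validate_entry(form):
    """Input validation at submit time; returns (cleaned values, error list)."""
    clean, errors = {}, []
    for field in FIELDS:
        value = CONTROL.sub("", str(form.get(field, ""))).strip()
        if not value:
            errors.append(field + ": required")
        elif len(value) > MAX_LEN[field]:
            errors.append(field + ": too long")
        elif field != "comment" and re.search(r"[<>]", value):
            # Titles and names have no need for angle brackets, so reject them.
            errors.append(field + ": markup not allowed")
        clean[field] = value
    return clean, errors


def render_unsafe(entry):
    """The flaw described above: stored values reach the page unencoded."""
    return TEMPLATE.format(**entry)


def render_safe(entry):
    """Output encoding: escape every field, whatever validation decided.
    Comments may legitimately contain '<' (e.g. "3 < 5"), so they are
    encoded rather than rejected."""
    return TEMPLATE.format(**{f: html.escape(entry[f], quote=True) for f in FIELDS})


if __name__ == "__main__":
    _, errors = validate_entry(SAMPLE)
    print(errors)
    print(render_unsafe(SAMPLE))
    print(render_safe(SAMPLE))
```

Validation alone does not cover entries already stored or fields that must accept free text, which is why the encoding step runs on every field at render time.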