Vendor: xGB
By: SecurityFocus
CVSS: 8.8 (HIGH)
Vulnerability: Cross-Site Scripting
CWE: 79
Product Name: xGB
Affected Version From: xGB 1.0
Affected Version To: xGB 1.0
Patch Exists: YES
Related CVE: CVE-2002-1490
CPE: o:xgb:xgb:1.0
Platforms Tested: Unix, Linux, Windows
Year: 2002

xGB Cross-Site Scripting Vulnerability

xGB is vulnerable to Cross-Site Scripting (XSS) attacks due to a lack of input validation. An attacker can inject malicious JavaScript code into the guestbook entries, which will be executed when a user views the guestbook.

Mitigation:

Input validation should be used to prevent malicious code from being injected into the guestbook entries.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4513/info

xGB is guestbook software. It is written in PHP and will run on most Unix and Linux variants as well as Microsoft Windows operating systems.

xGB allows users to post images in guestbook entries by using special syntax to denote a link to an image. However, script code is not filtered from the image tags ([img][/img]) used by the guestbook. An attacker may cause script code to be executed by arbitrary web users who view the guestbook entries. 

[img]javascript:alert('This Guestbook allows Cross Site Scripting');[/img]
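
One way to apply the input validation recommended above to the [img] syntax, as an added example that is not xGB's code or its vendor patch: the entry is HTML-escaped in full, and an <img> element is emitted only when the URL uses http or https. The function names render_entry and is_safe_image_url and the sample entries are assumptions made for illustration; PHP 7 or later is assumed.

```php
<?php
// Added example, not xGB code. Function names are hypothetical.

function is_safe_image_url(string $url): bool
{
    // A valid image URL has no whitespace or control characters; reject outright.
    if ($url === '' || preg_match('/[\x00-\x20\x7f]/', $url)) {
        return false;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    // Allowlist rather than blocklist: only http(s) may reach the src attribute.
    return in_array(strtolower($parts['scheme']), ['http', 'https'], true);
}

function render_entry(string $entry): string
{
    // 1. Escape the whole entry so no visitor-supplied markup survives.
    $html = htmlspecialchars($entry, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Re-introduce only the <img> element that this code builds itself.
    $out = preg_replace_callback(
        '#\[img\](.*?)\[/img\]#is',
        function (array $m): string {
            // Undo step 1 for the URL only, so validation sees the raw value.
            $url = htmlspecialchars_decode($m[1], ENT_QUOTES);
            if (!is_safe_image_url($url)) {
                return $m[0]; // rejected: stays as inert, escaped text
            }
            $src = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            return '<img src="' . $src . '" alt="">';
        },
        $html
    );
    // On a regex engine error, fall back to the fully escaped entry.
    return $out ?? $html;
}

// Constructed sample entries: the entry quoted on this page, then a legitimate one.
$samples = [
    "[img]javascript:alert('This Guestbook allows Cross Site Scripting');[/img]",
    '[img]https://example.com/photos/cat.png?w=200&h=100[/img]',
];
foreach ($samples as $entry) {
    echo render_entry($entry), PHP_EOL;
}
```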