@lex Guestbook 4.0.1 Cross Site Scripting
@lex Guestbook 4.0.1 was susceptible to a Cross-Site Scripting (XSS) vulnerability.

This flaw allowed attackers to inject malicious client-side scripts into guestbook entries. Due to insufficient input validation and output encoding, the application failed to properly sanitize user-supplied data before displaying it.

When other users viewed the compromised guestbook entries, their browsers would execute the injected script. This could lead to various attacks, including session hijacking, defacement of the guestbook, redirection to malicious sites, or theft of user data. The vulnerability posed a significant risk to visitors interacting with the affected guestbook.

@lex Guestbook 4.0.1
--------------------
Vendor site: http://www.alexphpteam.com/
Product: @lex Guestbook 4.0.1
Vulnerability: Full Path Disclosure & XSS
Credits: Mr_KaLiMaN
Reported to Vendor: 24.11.06
Public disclosure: 30.11.06

Description:
------------
Full Path Disclosure:
http://[victim]/[guestbook_path]/index.php?skin=[non-existent_skin]

XSS:
http://[victim]/[guestbook_path]/index.php?skin=[XSS]
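
The report above names the `skin` parameter of index.php as the input for both issues. One hardened way to handle such a parameter is sketched here as an added example; it is not @lex Guestbook's code or the vendor's fix. The `skins/` directory layout, `SKIN_DIR`, `DEFAULT_SKIN` and all function names are assumptions:

```php
<?php
declare(strict_types=1);

// Assumed layout: one directory per skin under ./skins (hypothetical names).
const SKIN_DIR = __DIR__ . '/skins';
const DEFAULT_SKIN = 'default';

// Build the allowlist from skins that really exist on disk.
function available_skins(string $skinDir): array
{
    $skins = [];
    $entries = is_dir($skinDir) ? scandir($skinDir) : false;
    foreach ($entries ?: [] as $entry) {
        // Plain names only; this also skips "." and "..".
        if (preg_match('/^[A-Za-z0-9_-]{1,32}$/', $entry) === 1
            && is_dir($skinDir . '/' . $entry)) {
            $skins[] = $entry;
        }
    }
    return $skins;
}

// Unknown names and non-string input (?skin[]=x) fall back silently, so a
// non-existent skin never reaches include/fopen and raises no path-bearing error.
function resolve_skin($requested, array $allowed, string $default): string
{
    if (is_string($requested) && in_array($requested, $allowed, true)) {
        return $requested;
    }
    return $default;
}

// Encode for HTML text and quoted attribute contexts.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Errors are logged, not rendered into the page.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

$skin = resolve_skin($_GET['skin'] ?? null, available_skins(SKIN_DIR), DEFAULT_SKIN);

// The request value itself is never echoed; the chosen name is still encoded.
echo '<link rel="stylesheet" href="skins/' . h($skin) . '/style.css">' . "\n";
```

The allowlist lookup covers the non-existent-skin case and output encoding covers the reflected value, so each control maps to one of the two reported issues.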
© Khalil Shreateh — Cybersecurity Researcher & White-Hat Hacker — Palestine 🇵🇸