Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormG13PACKETSTORM:108229
HistoryDec 29, 2011 - 12:00 a.m.

Winn Guestbook 2.4.8c Cross Site Scripting

2011-12-2900:00:00
G13
packetstormsecurity.com
29

EPSS

0.003

Percentile

71.4%

JSON
`# Exploit Title: Winn Guestbook v2.4.8c Stored XSS  
# Date: 12/29/11  
# Author: G13  
# Software Link: http://code.google.com/p/winn-guestbook/,   
http://www.winn.ws  
# Version: 2.4.8c  
# Category: webapps (php)  
# CVE: 2011-5026  
  
##### Vulnerability #####  
  
There is no sanitation on the input of the name variable. This allows   
malicious scripts to be added. This is a stored XSS.  
  
##### Vendor Notification #####  
  
12/24/11 - Vendor Notified.  
12/27/11 - Vendor Acknowledged, Patch Issued.  
  
##### Resolution #####  
  
Upgrade to Version 2.4.8d  
  
##### Affected Variables #####  
  
name=[XSS]  
  
##### Exploit #####  
  
The script can be added right in the page, there is no filtering of   
input. This can easily be exploited if the email address used is added   
to the "approved posters" list.  
`

Related

exploitdb 1
cvelist 1
nvd 1
prion 1
cve 1
securityvulns 1
exploitdb
exploitdb
Winn Guestbook 2.4.8c - Persistent Cross-Site Scripting
2011-12-29 00:00:00
cvelist
cvelist
CVE-2011-5026
2011-12-29 02:00:00
nvd
nvd
CVE-2011-5026
2011-12-29 04:15:05
prion
prion
Cross site scripting
2011-12-29 04:15:00
cve
cve
CVE-2011-5026
2011-12-29 04:15:05
securityvulns
securityvulns
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2012-01-09 00:00:00

EPSS

0.003

Percentile

71.4%

JSON
Related for PACKETSTORM:108229
exploitdb1cvelist1nvd1prion1cve1securityvulns1