Source: packetstorm | Author: Aliaksandr Hartsuyeu | ID: PACKETSTORM:96265
Date: Dec 01, 2010 - 12:00 a.m.

Wernhart Guestbook Cross Site Scripting

`New eVuln Advisory:  
Multiple XSS in Wernhart Guestbook  
Summary: http://evuln.com/vulns/150/summary.html   
Details: http://evuln.com/vulns/150/description.html   
  
-----------Summary-----------  
eVuln ID: EV0150  
Software: Wernhart Guestbook  
Vendor: Carl A. Wernhart  
Version: 2001.03.28  
Critical Level: low  
Type: Cross Site Scripting  
Status: Unpatched. No reply from developer(s)  
PoC: Not available  
Solution: Not available  
Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )  
--------Description--------  
None of the user-defined parameters are sanitized.  
Arbitrary XSS is possible.  
Vulnerable script: insert.phtml.  
--------PoC/Exploit--------  
XSS injection examples  
No input data is sanitized:  
First Name: <XSS inj>  
Last Name: <XSS inj>  
E-Mail: <XSS inj>  
Web Site: <XSS inj>  
---------Solution----------  
Not available  
----------Credit-----------  
Vulnerability discovered by Aliaksandr Hartsuyeu  
http://evuln.com/xss/useragent.html - recent useragent xss vulns  
`
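
The advisory lists no fix, so the following is an added example, not code from the advisory or from the vendor, of how the four listed fields can be encoded at output time and the Web Site value restricted to http(s) before it is used as a link. The source of insert.phtml is not shown on this page, so the function names and array keys are hypothetical; PHP 7 or later is assumed.

```php
<?php
// Added example, not Wernhart Guestbook code. Function names and the array
// keys first_name, last_name, email, website are hypothetical.

/** Read one submitted field as a trimmed string; non-strings become ''. */
function field(array $in, string $key): string
{
    return isset($in[$key]) && is_string($in[$key]) ? trim($in[$key]) : '';
}

/** Encode a value for an HTML text node or a quoted attribute. */
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Return the URL only if it is a well-formed http(s) URL, else ''. */
function safe_http_url(string $url): string
{
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return '';
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : '';
}

/** Render one entry; every field is encoded where it is written out. */
function render_entry(array $in): string
{
    $name  = trim(field($in, 'first_name') . ' ' . field($in, 'last_name'));
    $email = field($in, 'email');
    $site  = safe_http_url(field($in, 'website'));

    $html = '<div class="entry"><b>' . esc($name) . '</b>';
    if (filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
        $html .= ' <span class="email">' . esc($email) . '</span>';
    }
    if ($site !== '') {
        $html .= ' <a rel="nofollow noopener" href="' . esc($site) . '">' . esc($site) . '</a>';
    }
    return $html . "</div>\n";
}

// Constructed sample submission with markup characters in the fields.
echo render_entry([
    'first_name' => '<i>Ann</i>',
    'last_name'  => 'Smith" data-x="1',
    'email'      => 'ann@example.test',
    'website'    => 'javascript:void(0)',
]);
```

Encoding at the point of output also neutralizes entries that were stored before any input check existed.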