Max's Guestbook Security Vulnerabilities

JLex GuestBook 1.6.4 - Reflected XSS

...

JLex GuestBook 1.6.4 - Reflected XSS Vulnerability

...

Joomla JLex GuestBook 1.6.4 Cross Site Scripting

...

CVE-2023-3476

A vulnerability was found in SimplePHPscripts GuestBook Script 2.2. It has been classified as problematic. This affects an unknown part of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. It....

CVE-2023-3476

A vulnerability was found in SimplePHPscripts GuestBook Script 2.2. It has been classified as problematic. This affects an unknown part of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. It....

Cross site scripting

A vulnerability was found in SimplePHPscripts GuestBook Script 2.2. It has been classified as problematic. This affects an unknown part of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. It....

CVE-2023-3476 SimplePHPscripts GuestBook Script URL Parameter preview.php cross site scripting

A vulnerability was found in SimplePHPscripts GuestBook Script 2.2. It has been classified as problematic. This affects an unknown part of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. It....

CVE-2023-3465

A vulnerability was found in SimplePHPscripts Classified Ads Script 1.8. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file user.php of the component HTTP POST Request Handler. The manipulation of the argument title leads to cross site...

CVE-2023-3465

A vulnerability was found in SimplePHPscripts Classified Ads Script 1.8. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file user.php of the component HTTP POST Request Handler. The manipulation of the argument title leads to cross site...

CVE-2023-3464

A vulnerability was found in SimplePHPscripts Classified Ads Script 1.8. It has been classified as problematic. Affected is an unknown function of the file /preview.php of the component URL Parameter Handler. The manipulation of the argument p leads to cross site scripting. It is possible to...

CVE-2023-3464

A vulnerability was found in SimplePHPscripts Classified Ads Script 1.8. It has been classified as problematic. Affected is an unknown function of the file /preview.php of the component URL Parameter Handler. The manipulation of the argument p leads to cross site scripting. It is possible to...

Cross site scripting

A vulnerability was found in SimplePHPscripts Classified Ads Script 1.8. It has been classified as problematic. Affected is an unknown function of the file /preview.php of the component URL Parameter Handler. The manipulation of the argument p leads to cross site scripting. It is possible to...

Cross site scripting

A vulnerability was found in SimplePHPscripts Classified Ads Script 1.8. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file user.php of the component HTTP POST Request Handler. The manipulation of the argument title leads to cross site...

CVE-2023-3465 SimplePHPscripts Classified Ads Script HTTP POST Request user.php cross site scripting

A vulnerability was found in SimplePHPscripts Classified Ads Script 1.8. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file user.php of the component HTTP POST Request Handler. The manipulation of the argument title leads to cross site...

CVE-2023-3464 SimplePHPscripts Classified Ads Script URL Parameter preview.php cross site scripting

A vulnerability was found in SimplePHPscripts Classified Ads Script 1.8. It has been classified as problematic. Affected is an unknown function of the file /preview.php of the component URL Parameter Handler. The manipulation of the argument p leads to cross site scripting. It is possible to...

GuestBook Script 2.2 Cross Site Scripting

...

CVE-2023-22985

Sourcecodester Simple Guestbook Management System version 1 is vulnerable to Cross Site Scripting (XSS) via Name, Referrer, Location, and...

CVE-2023-22985

Sourcecodester Simple Guestbook Management System version 1 is vulnerable to Cross Site Scripting (XSS) via Name, Referrer, Location, and...

Cross site scripting

Sourcecodester Simple Guestbook Management System version 1 is vulnerable to Cross Site Scripting (XSS) via Name, Referrer, Location, and...

CVE-2023-22985

Sourcecodester Simple Guestbook Management System version 1 is vulnerable to Cross Site Scripting (XSS) via Name, Referrer, Location, and...

2ad Guestbook 2.0 Database Disclosure

...

CVE-2014-125053

A vulnerability was found in Piwigo-Guest-Book up to 1.3.0. It has been declared as critical. This vulnerability affects unknown code of the file include/guestbook.inc.php of the component Navigation Bar. The manipulation of the argument start leads to sql injection. Upgrading to version 1.3.1 is.....

Sql injection

A vulnerability was found in Piwigo-Guest-Book up to 1.3.0. It has been declared as critical. This vulnerability affects unknown code of the file include/guestbook.inc.php of the component Navigation Bar. The manipulation of the argument start leads to sql injection. Upgrading to version 1.3.1 is.....

CVE-2009-2440

Cross-site scripting (XSS) vulnerability in index.php in JNM Guestbook 3.0 allows remote attackers to inject arbitrary web script or HTML via the page...

CVE-2009-2448

Cross-site scripting (XSS) vulnerability in ogp_show.php in Online Guestbook Pro 5.1 allows remote attackers to inject arbitrary web script or HTML via the search_choice parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

CVE-2009-2448

Cross-site scripting (XSS) vulnerability in ogp_show.php in Online Guestbook Pro 5.1 allows remote attackers to inject arbitrary web script or HTML via the search_choice parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

CVE-2009-2440

Cross-site scripting (XSS) vulnerability in index.php in JNM Guestbook 3.0 allows remote attackers to inject arbitrary web script or HTML via the page...

CVE-2009-2447

Multiple cross-site scripting (XSS) vulnerabilities in ogp_show.php in Online Guestbook Pro 5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) search or (2) display...

CVE-2009-2447

Multiple cross-site scripting (XSS) vulnerabilities in ogp_show.php in Online Guestbook Pro 5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) search or (2) display...

CVE-2009-3189

Cross-site scripting (XSS) vulnerability in search.php in DigiOz Guestbook 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the search_term...

CVE-2009-3189

Cross-site scripting (XSS) vulnerability in search.php in DigiOz Guestbook 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the search_term...

CVE-2002-2339

Cross-site scripting (XSS) vulnerability in configure.asp in Script-Shed GuestBook 1.0 allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in (1) image, (2) img, (3) image=right, (4) img=right, (5) image=left, and (6) img=left...

CVE-2002-2339

Cross-site scripting (XSS) vulnerability in configure.asp in Script-Shed GuestBook 1.0 allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in (1) image, (2) img, (3) image=right, (4) img=right, (5) image=left, and (6) img=left...

CVE-2005-4649

Multiple cross-site scripting (XSS) vulnerabilities in Advanced Guestbook 2.2 and 2.3.1 allow remote attackers to inject arbitrary web script or HTML via (1) the entry parameter in index.php and (2) the gb_id parameter in comment.php. NOTE: The index.php/entry vector might be resultant from...

CVE-2005-4649

Multiple cross-site scripting (XSS) vulnerabilities in Advanced Guestbook 2.2 and 2.3.1 allow remote attackers to inject arbitrary web script or HTML via (1) the entry parameter in index.php and (2) the gb_id parameter in comment.php. NOTE: The index.php/entry vector might be resultant from...

CVE-2005-4880

Jax Guestbook 3.1 and 3.31 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain IP addresses of users via a direct request to (1) guestbook, (2) guestbook_ips2block, (3) ips2block, and (4)...

CVE-2005-4880

Jax Guestbook 3.1 and 3.31 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain IP addresses of users via a direct request to (1) guestbook, (2) guestbook_ips2block, (3) ips2block, and (4)...

CVE-2005-1412

SQL injection vulnerability in verify.asp for Ecomm Professional Guestbook 3.x allows remote attackers to execute arbitrary SQL commands via the AdminPWD...

CVE-2005-1412

SQL injection vulnerability in verify.asp for Ecomm Professional Guestbook 3.x allows remote attackers to execute arbitrary SQL commands via the AdminPWD...

CVE-2003-1293

Multiple cross-site scripting (XSS) vulnerabilities in NukedWeb GuestBookHost allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Email and (3) Message fields when signing the...

CVE-2003-1293

Multiple cross-site scripting (XSS) vulnerabilities in NukedWeb GuestBookHost allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Email and (3) Message fields when signing the...

CVE-2012-3873

Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) data/gallery/edit.php, (2) data/guestbook/edit.php, (3) data/file/edit.php, (4) data/htmltext/edit.php, (5) data/publication/edit.php, or....

CVE-2012-3873

Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) data/gallery/edit.php, (2) data/guestbook/edit.php, (3) data/file/edit.php, (4) data/htmltext/edit.php, (5) data/publication/edit.php, or....

CVE-2021-36830

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Comment Guestbook plugin <= 0.8.0 at...

CVE-2021-36830

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Comment Guestbook plugin <= 0.8.0 at...

Cross site scripting

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Comment Guestbook plugin <= 0.8.0 at...

CVE-2021-36830 WordPress Comment Guestbook plugin <= 0.8.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Comment Guestbook plugin &lt;= 0.8.0 at...

Comment Guestbook <= 0.8.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

WordPress Comment Guestbook plugin <= 0.8.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas (Patchstack Alliance) in WordPress Comment Guestbook plugin (versions &lt;= 0.8.0). Solution No patched version...

CVE-2017-20089

A vulnerability was found in Gwolle Guestbook Plugin 1.7.4. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to basic cross site scripting. The attack may be initiated...