Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:75208
HistoryJul 01, 2014 - 12:00 a.m.

XGB Guestbook 1.2 User-Embedded Scripting Vulnerability

2014-07-0100:00:00
Root
www.seebug.org
7
JSON

No description provided by source.


                                                source: http://www.securityfocus.com/bid/4513/info

xGB is guestbook software. It is written in PHP and will run on most Unix and Linux variants as well as Microsoft Windows operating systems.

xGB allows users to post images in guestbook entries by using special syntax to denote a link to an image. However, script code is not filtered from the image tags ([img][/img]) used by the guestbook. An attacker may cause script code to be executed by arbitrary web users who view the guestbook entries. 

[img]javascript:alert('This Guestbook allows Cross Site
Scripting');[/img]
JSON