Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4649

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2005-4649
Last Modified 05 Sep 2008 04:57:26
Published 31 Dec 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-4649

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Advanced Guestbook 2.2 and 2.3.1 allow remote attackers to inject arbitrary web script or HTML via (1) the entry parameter in index.php and (2) the gb_id parameter in comment.php. NOTE: The index.php/entry vector might be resultant from CVE-2005-1548.

Vulnerable Systems

Application

  • Advanced Guestbook 2.2

  • Advanced Guestbook 2.3.1


References

OSVDB - 22188

MISC - http://www.morx.org/guestbook.txt

FULLDISC - 20051225 Advanced Guestbook remote XSS exploit


Last Updated: 27 May 2016 10:41:22