Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2975


Vulnerability Score 2.6 2.6
CVE Id CVE-2006-2975
Last Modified 07 Mar 2011 09:37:24
Published 12 Jun 2006 06:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE



Multiple cross-site scripting (XSS) vulnerabilities in pblguestbook.php in PBL Guestbook 1.31 allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of IMG tags in the (1) name, (2) email, and (3) website parameter, which bypasses XSS protection mechanisms that check for SCRIPT tags but not IMG. NOTE: portions of this description's details are obtained from third party information.

Vulnerable Systems


  • Pbl Guestbook 1.31


VUPEN - ADV-2006-2221

BUGTRAQ - 20060607 PBL Guestbook v1.31 - XSS

XF - pblguestbook-multiple-xss(27006)

SREASON - 1088

SECUNIA - 20526

Last Updated: 27 May 2016 10:42:50