Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 2.6
CVE Id CVE-2006-2975
Last Modified 07 Mar 2011 09:37:24
Published 12 Jun 2006 06:02:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-2975

Summary

Multiple cross-site scripting (XSS) vulnerabilities in pblguestbook.php in PBL Guestbook 1.31 allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of IMG tags in the (1) name, (2) email, and (3) website parameters, which bypasses XSS protection mechanisms that check for SCRIPT tags but not IMG. NOTE: portions of this description's details are obtained from third-party information.

Vulnerable Systems

Application

  • PBL Guestbook 1.31


References

VUPEN - ADV-2006-2221

BUGTRAQ - 20060607 PBL Guestbook v1.31 - XSS

XF - pblguestbook-multiple-xss(27006)

SREASON - 1088

SECUNIA - 20526


Last Updated: 27 May 2016 10:42:50