Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3063

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2006-3063
Last Modified 07 Mar 2011 09:37:33
Published 19 Jun 2006 06:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-3063

Summary

Multiple cross-site scripting (XSS) vulnerabilities in myPHP Guestbook 1.x through 2.0.0-r1 and before 2.0.1 RC5 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) email, (3) homepage, (4) id, (5) name, and (6) text parameters in (a) index.php, the (7) comment, (8) email, (9) homepage, (10) number, (11) name, and (12) text parameters in (b) admin/guestbook.php, and the (13) email, (14) homepage, (15) icq, (16) name, and (17) text parameters in (c) admin/edit.php.

Vulnerable Systems

Application

  • Myphp Guestbook 1.0

  • Myphp Guestbook 1.8

  • Myphp Guestbook 1.8.3

  • Myphp Guestbook 1.9

  • Myphp Guestbook 1.9.2

  • Myphp Guestbook 2.0.0

  • Myphp Guestbook 2.0.0 Alpha

  • Myphp Guestbook 2.0.0 Beta

  • Myphp Guestbook 2.0.0 Rc1

  • Myphp Guestbook 2.0.0 Rc2

  • Myphp Guestbook 2.0.0 Rc3

  • Myphp Guestbook 2.0.0 Rc4

  • Myphp Guestbook 2.0.0-r1

  • Myphp Guestbook 2.0.1 Beta

  • Myphp Guestbook 2.0.1 Rc1

  • Myphp Guestbook 2.0.1 Rc2

  • Myphp Guestbook 2.0.1 Rc3

  • Myphp Guestbook 2.0.1 Rc4


References

VUPEN - ADV-2006-2480

CONFIRM - http://www.networkarea.ch/forum/topic.php?id=4&s=9106beea248ecd1a552439168ada227e

XF - myphp-guestbook-multiple-scripts-xss(27293)

BID - 18582

SECUNIA - 20764


Last Updated: 27 May 2016 10:42:52