Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-5026

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-5026
Last Modified 06 Nov 2012 12:04:59
Published 28 Dec 2011 11:15:05
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-5026

Summary

Cross-site scripting (XSS) vulnerability in the addPost function in data/functions.php in Winn GuestBook before 2.4.8d allows remote attackers to inject arbitrary web script or HTML via the name parameter to index.php. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Winn Guestbook 2.4.1

  • Winn Guestbook 2.4.2

  • Winn Guestbook 2.4.3

  • Winn Guestbook 2.4.4

  • Winn Guestbook 2.4.5

  • Winn Guestbook 2.4.6

  • Winn Guestbook 2.4.7

  • Winn Guestbook 2.4.8b

  • Winn Guestbook 2.4.8c


References

CONFIRM - http://code.google.com/p/winn-guestbook/issues/detail?id=34

EXPLOIT-DB - 18290

XF - winnguestbook-functions-xss(72025)

SECUNIA - 47391

OSVDB - 78070


Last Updated: 27 May 2016 10:57:17