Vulnerabilities > CVE-2005-4649 - Cross-Site Scripting vulnerability in Advanced Guestbook Advanced Guestbook 2.2/2.3.1
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE network
advanced-guestbook
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Advanced Guestbook 2.2 and 2.3.1 allow remote attackers to inject arbitrary web script or HTML via (1) the entry parameter in index.php and (2) the gb_id parameter in comment.php. NOTE: The index.php/entry vector might be resultant from CVE-2005-1548.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |