Vulnerabilities > CVE-2006-1256 - HTML Injection vulnerability in Skullsplitter PHP Guestbook 2.7

047910
CVSS 2.6 - LOW
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
high complexity
skullsplitter

Summary

Cross-site scripting (XSS) vulnerability in guestbook.php in Soren Boysen (SkullSplitter) PHP Guestbook 2.6 allows remote attackers to inject arbitrary web script or HTML via the url parameter. This vulnerability can only be exploited if the "magic_quotes_gpc" parameter is set to 'off'.

Vulnerable Configurations

Part Description Count
Application
Skullsplitter
2

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/45094/EV0104.txt
idPACKETSTORM:45094
last seen2016-12-05
published2006-04-01
reporterAliaksandr Hartsuyeu
sourcehttps://packetstormsecurity.com/files/45094/EV0104.txt.html
titleEV0104.txt