CVE-2006-2231 - HTML Injection vulnerability in Bigwebmaster Guestbook
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
network
big-webmaster
Summary
Multiple cross-site scripting (XSS) vulnerabilities in addguest.cgi in Big Webmaster Guestbook Script 1.02 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) mail, (2) site, (3) city, (4) state, (5) country, and possibly (6) name fields, which are viewed via viewguest.cgi.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045752.html
- http://secunia.com/advisories/19971
- http://securityreason.com/securityalert/843
- http://www.osvdb.org/25257
- http://www.securityfocus.com/archive/1/432970/100/0/threaded
- http://www.securityfocus.com/bid/17834
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26246