Vulnerabilities > CVE-2006-2637 - Products View.PHP Cross-Site Scripting vulnerability in Tuttophp Morris Guestbook, Pretty Guestbook and Smile Guestbook
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE network
tuttophp
Summary
Cross-site scripting (XSS) vulnerability in view.php in TuttoPhp (1) Morris Guestbook 1, (2) Pretty Guestbook 1, and (3) Smile Guestbook 1 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the pagina parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
References
- http://secunia.com/advisories/20320
- http://secunia.com/advisories/20321
- http://secunia.com/advisories/20322
- http://securityreason.com/securityalert/973
- http://www.securityfocus.com/archive/1/435171/100/0/threaded
- http://www.securityfocus.com/archive/1/435172/100/0/threaded
- http://www.securityfocus.com/archive/1/435173/100/0/threaded
- http://www.securityfocus.com/bid/18128
- http://www.vupen.com/english/advisories/2006/2016
- http://www.vupen.com/english/advisories/2006/2017
- http://www.vupen.com/english/advisories/2006/2018
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26731
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26734
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26735