Vulnerabilities > CVE-2006-3063 - Unspecified vulnerability in Myphp Guestbook Myphp Guestbook
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Multiple cross-site scripting (XSS) vulnerabilities in myPHP Guestbook 1.x through 2.0.0-r1 and before 2.0.1 RC5 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) email, (3) homepage, (4) id, (5) name, and (6) text parameters in (a) index.php, the (7) comment, (8) email, (9) homepage, (10) number, (11) name, and (12) text parameters in (b) admin/guestbook.php, and the (13) email, (14) homepage, (15) icq, (16) name, and (17) text parameters in (c) admin/edit.php.
Vulnerable Configurations
References
- http://secunia.com/advisories/20764
- http://secunia.com/advisories/20764
- http://www.networkarea.ch/forum/topic.php?id=4&s=9106beea248ecd1a552439168ada227e
- http://www.networkarea.ch/forum/topic.php?id=4&s=9106beea248ecd1a552439168ada227e
- http://www.securityfocus.com/bid/18582
- http://www.securityfocus.com/bid/18582
- http://www.vupen.com/english/advisories/2006/2480
- http://www.vupen.com/english/advisories/2006/2480
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27293
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27293