Vulnerabilities > CVE-2006-3063 - Cross-Site Scripting vulnerability in MyPHP Guestbook

CVSS 2.6 - LOW

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

high complexity

myphp-guestbook

NVD

Published: 2006-06-19

Updated: 2017-07-20

Summary

Multiple cross-site scripting (XSS) vulnerabilities in myPHP Guestbook 1.x through 2.0.0-r1 and before 2.0.1 RC5 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) email, (3) homepage, (4) id, (5) name, and (6) text parameters in (a) index.php, the (7) comment, (8) email, (9) homepage, (10) number, (11) name, and (12) text parameters in (b) admin/guestbook.php, and the (13) email, (14) homepage, (15) icq, (16) name, and (17) text parameters in (c) admin/edit.php.

Vulnerable Configurations

Part	Description	Count
Application	Myphp_Guestbook Myphp Guestbook Myphp Guestbook 1.0 Myphp Guestbook Myphp Guestbook 1.8 Myphp Guestbook Myphp Guestbook 1.8.3 Myphp Guestbook Myphp Guestbook 1.9 Myphp Guestbook Myphp Guestbook 1.9.2 Myphp Guestbook Myphp Guestbook 2.0.0 Myphp Guestbook Myphp Guestbook 2.0.0-R1 Myphp Guestbook Myphp Guestbook 2.0.0_Alpha Myphp Guestbook Myphp Guestbook 2.0.0_Beta Myphp Guestbook Myphp Guestbook 2.0.0_Rc1 Myphp Guestbook Myphp Guestbook 2.0.0_Rc2 Myphp Guestbook Myphp Guestbook 2.0.0_Rc3 Myphp Guestbook Myphp Guestbook 2.0.0_Rc4 Myphp Guestbook Myphp Guestbook 2.0.1_Beta Myphp Guestbook Myphp Guestbook 2.0.1_Rc1 Myphp Guestbook Myphp Guestbook 2.0.1_Rc2 Myphp Guestbook Myphp Guestbook 2.0.1_Rc3 Myphp Guestbook Myphp Guestbook 2.0.1_Rc4	18

Summary

Vulnerable Configurations

References