Vulnerabilities > CVE-2006-4325 - HTML Injection vulnerability in Doika Guestbook
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL network
doika
Summary
Cross-site scripting (XSS) vulnerability in gbook.php in Doika guestbook 2.5, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the page parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Packetstorm
data source | https://packetstormsecurity.com/files/download/49993/EV0134.txt |
id | PACKETSTORM:49993 |
last seen | 2016-12-05 |
published | 2006-09-14 |
reporter | Aliaksandr Hartsuyeu |
source | https://packetstormsecurity.com/files/49993/EV0134.txt.html |
title | EV0134.txt |
References
- http://evuln.com/vulns/134/description.html
- http://secunia.com/advisories/21549
- http://www.osvdb.org/28068
- http://www.securityfocus.com/archive/1/445903/100/0/threaded
- http://www.securityfocus.com/bid/19656
- http://www.vupen.com/english/advisories/2006/3342
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28503