Vulnerabilities > CVE-2006-6487 - Cross-Site Scripting vulnerability in DT Guestbook DT Guestbook 1.0F

047910
CVSS 5.1 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
high complexity
dt-guestbook
exploit available
NVD
Published: 2007-01-16
Updated: 2018-10-17

Summary

Cross-site scripting (XSS) vulnerability in index.php in DT Guestbook (dt_guestbook) 1.0f, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the error[] parameter. Successful exploitation requires that "register_globals" is enabled.

Vulnerable Configurations

Part Description Count
Application
Dt_Guestbook
1

Exploit-Db

descriptionDT_Guestbook 1.0 Index.PHP Cross-Site Scripting Vulnerability. CVE-2006-6487. Webapps exploit for php platform
idEDB-ID:29472
last seen2016-02-03
modified2007-01-16
published2007-01-16
reporterJesper Jurcenoks
sourcehttps://www.exploit-db.com/download/29472/
titleDT_Guestbook 1.0 Index.PHP Cross-Site Scripting Vulnerability

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/53742/netvigilance-sa10.txt
idPACKETSTORM:53742
last seen2016-12-05
published2007-01-18
reporterJesper Jurcenoks
sourcehttps://packetstormsecurity.com/files/53742/netvigilance-sa10.txt.html
titlenetvigilance-sa10.txt

References