Vulnerabilities > Syguestbook A5 Project > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-18 | CVE-2019-13950 | Cross-site Scripting vulnerability in Syguestbook A5 Project Syguestbook A5 1.2 index.php?c=admin&a=index in SyGuestBook A5 Version 1.2 has stored XSS via a reply to a comment. | 5.4 |
| 2019-07-18 | CVE-2019-13948 | Cross-site Scripting vulnerability in Syguestbook A5 Project Syguestbook A5 1.2 SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG element. | 5.4 |