Guestbook v1.1.3 CSS Vuln
From: flur <flur () flurnet org>
Date: Fri, 14 Mar 2003 17:22:51 -0500
Project: Filebased guestbook.
Author: Copyright (c) Urs <urs () circle ch>
This PHP guest book script is vulnerable to hostile cross-site scripting in
the 'comment' section of guest book posts. Comments span multiple pages,
with the newest on the first page; thus a malicious user could easily embed
hostile code and expect all who read the guest book with script-processing
browsers to execute it.
The vendor has indicated that this project has been discontinued.
____________________ __ _
~FluRDoInG flur () flurnet org
KEY ID 0x8C2C37C4 (pgp.mit.edu) RSA-CAST 2048/2048
1876 B762 F909 91EB 0C02 C06B 83FF E6C5 8C2C 37C4
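
The fix for the class of bug reported above is to encode stored comments when they are written into the page. The following is an added example, not part of the original post and not code from Guestbook v1.1.3; the storage format (one JSON object per line), the function names and the sample entries are assumptions made for illustration.

```php
<?php
// Added illustration; not code from Guestbook v1.1.3. The storage format
// (one JSON object per line) and all function names are assumptions.

// Escape untrusted text for an HTML element body or a quoted attribute.
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern, shown for comparison only: stored text is emitted as markup.
function render_entry_unsafe(array $e): string
{
    return "<div class=\"entry\"><b>{$e['name']}</b><p>{$e['comment']}</p></div>\n";
}

// Hardened pattern: encode every stored field at output time, then add line breaks.
function render_entry_safe(array $e): string
{
    $comment = nl2br(esc($e['comment']));
    return '<div class="entry"><b>' . esc($e['name']) . '</b><p>' . $comment . "</p></div>\n";
}

// Render one page of a file-backed guestbook, newest entries first.
function render_page(string $file, int $page, int $perPage = 10): string
{
    $lines = file($file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) ?: [];
    $slice = array_slice(array_reverse($lines), ($page - 1) * $perPage, $perPage);
    $html = '';
    foreach ($slice as $line) {
        $e = json_decode($line, true);
        if (is_array($e) && isset($e['name'], $e['comment'])
            && is_string($e['name']) && is_string($e['comment'])) {
            $html .= render_entry_safe($e);
        }
    }
    return $html;
}

// Constructed sample data: one ordinary post and one that carries markup.
$file = tempnam(sys_get_temp_dir(), 'gb');
file_put_contents($file, implode("\n", [
    json_encode(['name' => 'alice', 'comment' => "Nice site!\nThanks."]),
    json_encode(['name' => 'mallory', 'comment' => '<script>alert(1)</script>']),
]) . "\n");

// Defence in depth: even if an encoding call is missed, inline script will not run.
header("Content-Security-Policy: default-src 'self'; script-src 'none'");
echo render_page($file, 1);
unlink($file);
```

With the safe renderer the second entry reaches the browser as `&lt;script&gt;alert(1)&lt;/script&gt;` and is displayed as text on every page it appears on.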