CVE-2004-1213 - Cross-site scripting (XSS) vulnerability in index.php in Advanced Guestbook 2.3.1, 2.2, and possibly

CVE-2004-1213

Summary

Cross-site scripting (XSS) vulnerability in index.php in Advanced Guestbook 2.3.1, 2.2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the entry parameter.

References

http://marc.info/?l=bugtraq&m=110206527624612&w=2
http://marc.info/?l=bugtraq&m=110238530129498&w=2
http://www.securityfocus.com/bid/11798
https://exchange.xforce.ibmcloud.com/vulnerabilities/18334

Vulnerable Configurations

cpe:2.3:a:advanced_guestbook:advanced_guestbook:2.2:*:*:*:*:*:*:*
cpe:2.3:a:advanced_guestbook:advanced_guestbook:2.2:*:*:*:*:*:*:*
cpe:2.3:a:advanced_guestbook:advanced_guestbook:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:advanced_guestbook:advanced_guestbook:2.3.1:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 11-07-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	11798
bugtraq	20041202 Advanced Guestbook 20041204 Re: Advanced Guestbook
xf	advguestbook-indexphp-xss(18334)

Last major update

11-07-2017 - 01:30

Published

10-01-2005 - 05:00

Last modified

11-07-2017 - 01:30