VYPR
Unrated severityNVD Advisory· Published Feb 23, 2006· Updated Jun 16, 2026

CVE-2006-0860

CVE-2006-0860

Description

Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer Guestbox 0.6, and other versions before 0.8, allow remote attackers to inject arbitrary web script or HTML via (1) HTML tags that follow a "http://" string, which bypasses a regular expression check, and (2) other unspecified attack vectors.

Affected products

2
  • cpe:2.3:a:michael_salzer:guestbox:0.6:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:michael_salzer:guestbox:0.6:*:*:*:*:*:*:*
    • (no CPE)range: <0.8

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.