Unrated severityNVD Advisory· Published Dec 29, 2011· Updated Apr 29, 2026
CVE-2011-5026
CVE-2011-5026
Description
Cross-site scripting (XSS) vulnerability in the addPost function in data/functions.php in Winn GuestBook before 2.4.8d allows remote attackers to inject arbitrary web script or HTML via the name parameter to index.php. NOTE: some of these details are obtained from third party information.
Affected products
9cpe:2.3:a:winn:winn_guestbook:*:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:winn:winn_guestbook:*:*:*:*:*:*:*:*range: <=2.4.8c
- cpe:2.3:a:winn:winn_guestbook:2.4.1:beta:*:*:*:*:*:*
- cpe:2.3:a:winn:winn_guestbook:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:winn:winn_guestbook:2.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:winn:winn_guestbook:2.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:winn:winn_guestbook:2.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:winn:winn_guestbook:2.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:winn:winn_guestbook:2.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:winn:winn_guestbook:2.4.8b:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5News mentions
0No linked articles in our index yet.