Medium severity5.4NVD Advisory· Published Jul 18, 2019· Updated Jun 17, 2026
CVE-2019-13948
CVE-2019-13948
Description
SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG element.
Affected products
2- SyGuestBook A5/SyGuestBook A5description
- Range: <=1.2
Patches
Vulnerability mechanics
References
2- fragrant10.github.io/2019/02/22/SyGuestBookA5%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1.htmlnvdExploitThird Party Advisory
- github.com/fragrant10/fragrant10.github.io/blob/master/_posts/2019-02-22-SyGuestBookA5%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1.mdnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.