VYPR
Medium severity5.4NVD Advisory· Published Jul 18, 2019· Updated Jun 17, 2026

CVE-2019-13948

CVE-2019-13948

Description

SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG element.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.