Guestbook
by Ftls
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-2093 | | | 0.07 | — | 0.46 | | Apr 18, 2007 | Direct static code injection vulnerability in index.php in Limesoft Guestbook (LS Simple Guestbook) 1.0 allows remote attackers to inject arbitrary PHP code into posts.txt via the message parameter. |
| CVE-2002-0730 | | | 0.04 | — | 0.07 | | Aug 12, 2002 | Cross-site scripting vulnerability in guestbook.pl for Philip Chinery's Guestbook 1.1 allows remote attackers to execute Javascript or HTML via fields such as (1) Name, (2) EMail, or (3) Homepage. |
| CVE-2003-1348 | | | 0.03 | — | 0.01 | | Dec 31, 2003 | Cross-site scripting (XSS) vulnerability in guestbook.cgi in ftls.org Guestbook 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) name, or (3) title field. |
| CVE-2003-1136 | | | 0.03 | — | 0.05 | | Oct 23, 2003 | Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook 1.51 allows remote attackers to inject arbitrary web script or HTML via (1) HTML in a posted message or (2) Javascript in an onmouseover attribute in an e-mail address or URL. |
| CVE-2007-2101 | | | 0.00 | — | 0.02 | | Apr 18, 2007 | FAC Guestbook 3.01 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/gbdb.mdb. NOTE: the provenance of this information is unknown; the details are obtained solely… |
| CVE-2006-6279 | | | 0.00 | — | 0.01 | | Dec 4, 2006 | index.php in @lex Guestbook 4.0.1 allows remote attackers to obtain sensitive information via a skin parameter referencing a nonexistent skin, which reveals the installation path in an error message. |
| CVE-2005-3517 | | | 0.00 | — | 0.01 | | Nov 6, 2005 | Chipmunk Scripts Guestbook allows remote attackers to obtain the installation path of the script via a URL that causes an error message to be displayed, such as a URL that contains a single quote (') in the start parameter of index.php. |
| CVE-2005-1685 | | | 0.00 | — | 0.02 | | May 20, 2005 | episodex guestbook allows remote attackers to bypass authentication and edit scripts via a direct request to admin.asp. |