Bg Guestbook
Products
1- 13 CVEs
Recent CVEs
13| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-3328 | 0.03 | — | 0.01 | Sep 23, 2009 | Cross-site scripting (XSS) vulnerability in sign.php in WX-Guestbook 1.1.208 allows remote attackers to inject arbitrary web script or HTML via the sName parameter (aka the name field). NOTE: some of these details are obtained from third party information. | |||
| CVE-2005-4880 | 0.03 | — | 0.02 | Mar 31, 2009 | Jax Guestbook 3.1 and 3.31 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain IP addresses of users via a direct request to (1) guestbook, (2) guestbook_ips2block, (3) ips2block, and (4)… | |||
| CVE-2008-2414 | 0.03 | — | 0.01 | May 22, 2008 | Cross-site scripting (XSS) vulnerability in send_email.php in AN Guestbook (ANG) 0.4 allows remote attackers to inject arbitrary web script or HTML via the postid parameter. | |||
| CVE-2007-4937 | 0.03 | — | 0.03 | Sep 18, 2007 | CS Guestbook stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin name and MD5 password hash via a direct request for base/usr/0.php. | |||
| CVE-2006-3295 | 0.03 | — | 0.02 | Jun 29, 2006 | Cross-site scripting (XSS) vulnerability in header.php in Open Guestbook 0.5 allows remote attackers to inject arbitrary web script or HTML via the title parameter. | |||
| CVE-2003-1182 | 0.03 | — | 0.02 | Nov 3, 2003 | Cross-site scripting (XSS) vulnerability in MPM Guestbook 1.2 allows remote attackers to inject arbitrary web script or HTML via the lng parameter. | |||
| CVE-2002-1410 | 0.03 | — | 0.03 | Apr 11, 2003 | Easy Guestbook CGI programs do not authenticate the administrator, which allows remote attackers to (1) delete entries via direct access of admin.cgi, or (2) reconfigure Guestbook via direct access of config.cgi. | |||
| CVE-2009-0424 | 0.00 | — | 0.01 | Feb 5, 2009 | Cross-site scripting (XSS) vulnerability in sign1.php in AN Guestbook (ANG) before 0.7.7 allows remote attackers to inject arbitrary web script or HTML via the country parameter, which is not properly handled in (1) administrator/manage.php or (2) administrator/trash.php. NOTE:… | |||
| CVE-2008-3847 | 0.00 | — | 0.01 | Aug 27, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in AN Guestbook (ANG) before 0.7.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2007-1302 | 0.00 | — | 0.01 | Mar 7, 2007 | SQL injection vulnerability in guestbook.php in LI-Guestbook 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter. NOTE: it was later reported that 1.2 is also affected. | |||
| CVE-2007-1305 | 0.00 | — | 0.01 | Mar 7, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in add2.php in Sava's Guestbook 23.11.2006 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) country, (3) email, and (4) website parameters. | |||
| CVE-2006-2764 | 0.00 | — | 0.01 | Jun 2, 2006 | Cross-site scripting (XSS) vulnerability in GuestbookXL 1.3 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in an IMG tag in a comment field to (1) guestwrite.php or (2) guestbook.php. | |||
| CVE-2002-0457 | 0.00 | — | 0.02 | Aug 12, 2002 | Cross-site scripting vulnerability in signgbook.php for BG GuestBook 1.0 allows remote attackers to execute arbitrary Javascript via encoded tags such as <, >, and & in fields such as (1) name, (2) email, (3) AIM screen name, (4) website, (5) location, or (6) message. |
- CVE-2009-3328Sep 23, 2009risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in sign.php in WX-Guestbook 1.1.208 allows remote attackers to inject arbitrary web script or HTML via the sName parameter (aka the name field). NOTE: some of these details are obtained from third party information.
- CVE-2005-4880Mar 31, 2009risk 0.03cvss —epss 0.02
Jax Guestbook 3.1 and 3.31 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain IP addresses of users via a direct request to (1) guestbook, (2) guestbook_ips2block, (3) ips2block, and (4)…
- CVE-2008-2414May 22, 2008risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in send_email.php in AN Guestbook (ANG) 0.4 allows remote attackers to inject arbitrary web script or HTML via the postid parameter.
- CVE-2007-4937Sep 18, 2007risk 0.03cvss —epss 0.03
CS Guestbook stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin name and MD5 password hash via a direct request for base/usr/0.php.
- CVE-2006-3295Jun 29, 2006risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in header.php in Open Guestbook 0.5 allows remote attackers to inject arbitrary web script or HTML via the title parameter.
- CVE-2003-1182Nov 3, 2003risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in MPM Guestbook 1.2 allows remote attackers to inject arbitrary web script or HTML via the lng parameter.
- CVE-2002-1410Apr 11, 2003risk 0.03cvss —epss 0.03
Easy Guestbook CGI programs do not authenticate the administrator, which allows remote attackers to (1) delete entries via direct access of admin.cgi, or (2) reconfigure Guestbook via direct access of config.cgi.
- CVE-2009-0424Feb 5, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in sign1.php in AN Guestbook (ANG) before 0.7.7 allows remote attackers to inject arbitrary web script or HTML via the country parameter, which is not properly handled in (1) administrator/manage.php or (2) administrator/trash.php. NOTE:…
- CVE-2008-3847Aug 27, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in AN Guestbook (ANG) before 0.7.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2007-1302Mar 7, 2007risk 0.00cvss —epss 0.01
SQL injection vulnerability in guestbook.php in LI-Guestbook 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter. NOTE: it was later reported that 1.2 is also affected.
- CVE-2007-1305Mar 7, 2007risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in add2.php in Sava's Guestbook 23.11.2006 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) country, (3) email, and (4) website parameters.
- CVE-2006-2764Jun 2, 2006risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in GuestbookXL 1.3 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in an IMG tag in a comment field to (1) guestwrite.php or (2) guestbook.php.
- CVE-2002-0457Aug 12, 2002risk 0.00cvss —epss 0.02
Cross-site scripting vulnerability in signgbook.php for BG GuestBook 1.0 allows remote attackers to execute arbitrary Javascript via encoded tags such as <, >, and & in fields such as (1) name, (2) email, (3) AIM screen name, (4) website, (5) location, or (6) message.