exploitDog

CVE-2005-4649

Опубликовано: 31 дек. 2005

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in Advanced Guestbook 2.2 and 2.3.1 allow remote attackers to inject arbitrary web script or HTML via (1) the entry parameter in index.php and (2) the gb_id parameter in comment.php. NOTE: The index.php/entry vector might be resultant from CVE-2005-1548.

Ссылки

http://archives.neohapsis.com/archives/fulldisclosure/2005-12/1230.html
Exploit
http://www.morx.org/guestbook.txt
Exploit
http://www.osvdb.org/22188
Exploit
http://archives.neohapsis.com/archives/fulldisclosure/2005-12/1230.html
Exploit
http://www.morx.org/guestbook.txt
Exploit
http://www.osvdb.org/22188
Exploit

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:advanced_guestbook:advanced_guestbook:2.2:*:*:*:*:*:*:*

cpe:2.3:a:advanced_guestbook:advanced_guestbook:2.3.1:*:*:*:*:*:*:*

EPSS

Процентиль: 60%

0.00396

Низкий

4.3 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-2wpp-hvf7-v98x

github

почти 4 года назад

Multiple cross-site scripting (XSS) vulnerabilities in Advanced Guestbook 2.2 and 2.3.1 allow remote attackers to inject arbitrary web script or HTML via (1) the entry parameter in index.php and (2) the gb_id parameter in comment.php. NOTE: The index.php/entry vector might be resultant from CVE-2005-1548.

EPSS

Процентиль: 60%

0.00396

Низкий

4.3 Medium

CVSS2

Дефекты

NVD-CWE-Other