CVE-2008-6359

Опубликовано: 02 мар. 2009

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in index.php in Max's Guestbook allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, and (3) message parameters.

Ссылки

http://osvdb.org/50654
http://packetstormsecurity.org/files/110772/Maxs-Guestbook-1.0-Local-File-Inclusion-Path-Disclosure.html
http://secunia.com/advisories/33106
Vendor Advisory
http://www.exploit-db.com/exploits/18595
http://www.securityfocus.com/archive/1/499099/100/0/threaded
http://www.securityfocus.com/bid/32763
http://www.securityfocus.com/bid/52471
https://exchange.xforce.ibmcloud.com/vulnerabilities/47250
https://exchange.xforce.ibmcloud.com/vulnerabilities/74011
http://osvdb.org/50654
http://packetstormsecurity.org/files/110772/Maxs-Guestbook-1.0-Local-File-Inclusion-Path-Disclosure.html
http://secunia.com/advisories/33106
Vendor Advisory
http://www.exploit-db.com/exploits/18595
http://www.securityfocus.com/archive/1/499099/100/0/threaded
http://www.securityfocus.com/bid/32763
http://www.securityfocus.com/bid/52471
https://exchange.xforce.ibmcloud.com/vulnerabilities/47250
https://exchange.xforce.ibmcloud.com/vulnerabilities/74011

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phpf1:max\'s_guestbook:-:*:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00619

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-3hv5-2p2f-9642

github

больше 3 лет назад