CVE-2002-2339

Name of the Vulnerable Software and Affected Versions Script-Shed GuestBook version 1.0

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via a javascript: URL in various tags, including image, img, image=right, img=right, image=left, and img=left.

Recommendations For Script-Shed GuestBook version 1.0, as a temporary workaround, consider disabling the execution of javascript: URLs in the configure.asp file until a patch is available. Restrict access to the configure.asp file to minimize the risk of exploitation. Avoid using the image, img, image=right, img=right, image=left, and img=left tags with javascript: URLs in the affected version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.