CVE-2005-1605

Name of the Vulnerable Software and Affected Versions SiteStudio version 1.6

Description A cross-site scripting (XSS) issue exists in the guestbook component, allowing remote attackers to inject arbitrary web script or HTML. This can be achieved via the name field in either the psoft.guestbook.GuestBookServ in Standalone Site Studio or the E-Guest sign.pl in Integrated Site Studio with H-Sphere.

Recommendations For SiteStudio version 1.6, consider disabling the guestbook component until a patch is available to prevent exploitation. Restrict access to the psoft.guestbook.GuestBookServ and E-Guest sign.pl to minimize the risk of XSS attacks. Avoid using the name field in the affected guestbook component until the issue is resolved.