CVE-2006-2231

Name of the Vulnerable Software and Affected Versions Big Webmaster Guestbook Script versions 1.02 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML via several fields, including the mail, site, city, state, country, and possibly the name fields, which are viewed via the "viewguest.cgi" endpoint. This can be exploited by attackers to inject malicious scripts.

Recommendations For Big Webmaster Guestbook Script versions 1.02 and earlier, consider restricting input for the mail, site, city, state, country, and name fields in the "addguest.cgi" script to prevent arbitrary web script or HTML injection until a patch is available. As a temporary workaround, restrict access to the "viewguest.cgi" endpoint to minimize the risk of exploitation.