PT-2006-3560 · Tuttophp · Tuttophp Pretty Guestbook+2
Luny · Published 2006-05-30 · Updated 2018-10-18 · CVE-2006-2637
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
TuttoPhp Morris Guestbook version 1
TuttoPhp Pretty Guestbook version 1
TuttoPhp Smile Guestbook version 1
Description
A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the pagina parameter. This can be exploited by injecting malicious code into the pagina parameter.
Recommendations
For TuttoPhp Morris Guestbook version 1, update the view.php file to properly sanitize the pagina parameter.
For TuttoPhp Pretty Guestbook version 1, update the view.php file to properly sanitize the pagina parameter.
For TuttoPhp Smile Guestbook version 1, update the view.php file to properly sanitize the pagina parameter.
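One way to apply this recommendation, as an added example that is not TuttoPhp code and not part of the original advisory. It assumes pagina carries a page number that view.php echoes back into the response; the function names, the upper bound and the sample inputs are constructed for illustration.

```php
<?php
// Added example, not TuttoPhp code.
// Assumption: `pagina` selects a page number and is reflected into the HTML.

/** Return a validated page number, or $default when the input is not a plain integer in range. */
function pagina_from_request(array $query, int $default = 1, int $max = 10000): int
{
    $raw = $query['pagina'] ?? null;
    if (!is_string($raw)) {
        // Missing parameter, or an array such as ?pagina[]=x
        return $default;
    }
    $page = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => $max],
    ]);
    return $page === false ? $default : $page;
}

/** Encode a value for an HTML text node or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build the pager fragment from validated, encoded values only. */
function render_pager(array $query): string
{
    $page = pagina_from_request($query);
    $next = $page + 1;
    return '<p>Page ' . h((string) $page)
        . ' <a href="view.php?pagina=' . h((string) $next) . '">next</a></p>';
}

// Constructed sample inputs: a valid page, markup of the kind the advisory
// describes, an array-typed parameter, and a missing parameter.
$samples = [
    ['pagina' => '3'],
    ['pagina' => '<img src="javascript:alert(1)">'],
    ['pagina' => ['x']],
    [],
];
foreach ($samples as $query) {
    echo render_pager($query), "\n";
}
```

Validation alone covers the numeric case; the encoding helper is kept so that any other value view.php writes into the page goes through the same output path.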
Affected products
Tuttophp Morris Guestbook
Tuttophp Pretty Guestbook
Tuttophp Smile Guestbook