CVE-2006-2764

Name of the Vulnerable Software and Affected Versions GuestbookXL version 1.3

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a javascript URI in an IMG tag in a comment field. This can be done by accessing the "guestwrite.php" or "guestbook.php" API endpoints.

Recommendations For GuestbookXL version 1.3, as a temporary workaround, consider disabling the comment field in "guestwrite.php" and "guestbook.php" until a patch is available. Restrict access to these endpoints to minimize the risk of exploitation. Avoid using javascript URIs in IMG tags within comment fields until the issue is resolved.