CVE-2006-2975

Name of the Vulnerable Software and Affected Versions PBL Guestbook version 1.31

Description The issue allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of IMG tags in the name, email, and website parameters. This bypasses protection mechanisms that check for SCRIPT tags but not IMG.

Recommendations For PBL Guestbook version 1.31, consider disabling the use of IMG tags in the name, email, and website parameters until a patch is available. Restrict access to the pblguestbook.php file to minimize the risk of exploitation. Avoid using javascript in the SRC attribute of IMG tags in these parameters until the issue is resolved.