CVE-2009-3493

Name of the Vulnerable Software and Affected Versions Zenas PaoBacheca Guestbook version 2.1

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The injection can occur via the PATH INFO to specific API endpoints: "scrivi.php" and "index.php".

Recommendations For Zenas PaoBacheca Guestbook version 2.1, consider disabling access to the "scrivi.php" and "index.php" endpoints until a patch is available to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.