PT-2019-13487 · Syguestbook · Syguestbook

Published

2019-07-18

·

Updated

2019-07-19

·

CVE-2019-13948

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

SyGuestBook version 1.2

Description

The issue arises from the isValidData function in include/functions.php not properly blocking XSS payloads, allowing for stored XSS attacks. This can be demonstrated by a crafted use of the onerror attribute of an IMG element.

Recommendations

For SyGuestBook version 1.2, consider modifying the isValidData function in include/functions.php to properly block XSS payloads, or as a temporary workaround, restrict the use of the onerror attribute in IMG elements to minimize the risk of exploitation.
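An added example, not SyGuestBook's own code: the function names are hypothetical, and naive_is_valid stands in for the kind of denylist check the description refers to. It shows why filtering on known-bad markup is fragile and how guestbook text can be handled safely by encoding it for the HTML context at output time.

```php
<?php
// Added example (not from the SyGuestBook project). Hypothetical helpers that
// contrast a denylist "XSS filter" with context-aware output encoding.

declare(strict_types=1);

// Hypothetical denylist in the style of a naive validator: it rejects a
// <script> tag but says nothing about event-handler attributes on other tags,
// which is the class of gap the advisory describes.
function naive_is_valid(string $input): bool
{
    return !preg_match('/<\s*script\b/i', $input);
}

// Hardened alternative: make no attempt to recognise "bad" markup at all.
// Store the raw text and escape it for the HTML body/attribute context when
// rendering, so any tag or attribute the visitor typed is shown literally.
function escape_for_html(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Optional input-side policy. A guestbook entry has no legitimate need for
// markup, so accept only well-formed UTF-8 text of bounded length that
// contains no angle brackets. This is an allowlist decision on what the field
// may hold, not a list of payloads to catch.
function is_plain_text_entry(string $input, int $maxLen = 2000): bool
{
    if (!mb_check_encoding($input, 'UTF-8') || mb_strlen($input, 'UTF-8') > $maxLen) {
        return false;
    }
    return !preg_match('/[<>]/', $input);
}

// Constructed samples: a benign entry and one carrying an IMG element with an
// onerror attribute, the pattern named in the advisory.
$samples = [
    'Nice guestbook, thanks!',
    '<img src="x" onerror="alert(1)">',
];

foreach ($samples as $s) {
    printf("naive filter accepts: %s | plain-text check accepts: %s\n",
        naive_is_valid($s) ? 'yes' : 'no',
        is_plain_text_entry($s) ? 'yes' : 'no');
    printf("rendered as: %s\n\n", escape_for_html($s));
}
```

The second sample passes the naive filter but fails the plain-text check, and even if it were stored, escape_for_html renders it as inert text rather than markup.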

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2019-13948

Affected Products

Syguestbook