Unknown · Advanced Guestbook · CVE-2021-47950
**Name of the Vulnerable Software and Affected Versions**
Advanced Guestbook version 2.4.4
**Description**
A persistent cross-site scripting issue exists in the smilies administration interface. Authenticated attackers can inject malicious scripts by sending POST requests to the 'admin.php' endpoint using the `s_emotion` parameter. These scripts execute when administrators access the smilies tab.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
As a temporary workaround, restrict access to the `s_emotion` parameter within the 'admin.php' endpoint.
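One way to apply this workaround is an allow-list guard that runs before the application. The PHP below is an added example, not Advanced Guestbook code. The function names, the character allow-list, the 64-character limit and loading it through `auto_prepend_file` on PHP 7 or later are assumptions, and the parameter name is taken as `s_emotion`.

```php
<?php
// Added example (not Advanced Guestbook code): virtual-patch guard for the
// smiley description field. Assumes PHP 7+ and loading via auto_prepend_file
// or a require at the top of admin.php. All names here are hypothetical.

/**
 * True when a smiley description is safe to store and later render:
 * a short string of letters, digits, spaces and basic punctuation only.
 */
function ag_emotion_is_safe($value): bool
{
    if (!is_string($value)) {
        return false; // rejects array input such as s_emotion[]=...
    }
    // Allow-list excludes < > quotes & backticks and control characters.
    // With /u, invalid UTF-8 makes preg_match() return false, so it is rejected.
    return preg_match('/\A[\p{L}\p{N} _.,!?()-]{1,64}\z/u', $value) === 1;
}

/** True when the request may proceed to the application. */
function ag_guard_request(array $server, array $post): bool
{
    $isAdmin = basename($server['SCRIPT_NAME'] ?? '') === 'admin.php';
    $isPost  = ($server['REQUEST_METHOD'] ?? '') === 'POST';
    if (!$isAdmin || !$isPost || !array_key_exists('s_emotion', $post)) {
        return true; // not the affected request
    }
    return ag_emotion_is_safe($post['s_emotion']);
}

// Enforce on web requests only, so the functions can be unit-tested from the CLI.
if (PHP_SAPI !== 'cli' && !ag_guard_request($_SERVER, $_POST)) {
    http_response_code(400);
    error_log('Blocked s_emotion value on admin.php from '
        . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));
    exit('Invalid smiley description.');
}
```

The guard only stops new values from being stored; smiley descriptions already in the database still need to be reviewed. The durable fix is to HTML-encode the value where the smilies tab renders it, for example with `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')`.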