CVE-2003-1241

Name of the Vulnerable Software and Affected Versions MyGuestbook version 3.0

Description A cross-site scripting vulnerability (XSS) exists in MyGuestbook, allowing remote attackers to execute arbitrary PHP code. This is achieved by modifying the location parameter to reference a URL on a remote web server that contains file.php via script injected into the pseudo, email, and message parameters in several PHP files, including admin index.php, admin pass.php, admin modif.php, and admin suppr.php.

Recommendations For MyGuestbook version 3.0, update the software to a version that includes a fix for this issue, ensuring that the pseudo, email, and message parameters are properly sanitized to prevent script injection. As a temporary workaround, consider restricting access to the admin index.php, admin pass.php, admin modif.php, and admin suppr.php files to minimize the risk of exploitation.