PT-2005-2584 · Psoft · Sitestudio

Donnie Werner

Published

2005-05-16

Updated

2017-07-11

CVE-2005-1605

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions SiteStudio version 1.6

Description A cross-site scripting (XSS) issue exists in the guestbook component, allowing remote attackers to inject arbitrary web script or HTML. This can be achieved via the name field in either the psoft.guestbook.GuestBookServ in Standalone Site Studio or the E-Guest sign.pl in Integrated Site Studio with H-Sphere.

Recommendations For SiteStudio version 1.6, consider disabling the guestbook component until a patch is available to prevent exploitation. Restrict access to the psoft.guestbook.GuestBookServ and E-Guest sign.pl to minimize the risk of XSS attacks. Avoid using the name field in the affected guestbook component until the issue is resolved.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-1605

Affected Products

Sitestudio

PT-2005-2584 · Psoft · Sitestudio

CVE-2005-1605

Related Identifiers

Affected Products

References · 9