PT-2006-2272 · Php · Phphg Guestbook
Aliaksandr Hartsuyeu
·
Published
2006-03-19
·
Updated
2018-10-18
·
CVE-2006-1256
CVSS v2.0
2.6
Low
| Vector | AV:N/AC:H/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
PHP Guestbook version 2.6
Description
The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the
url parameter in the guestbook.php file.Recommendations
For version 2.6, consider restricting access to the guestbook.php file until a patch is available. As a temporary workaround, avoid using the
url parameter in the guestbook.php file to minimize the risk of exploitation.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Phphg Guestbook