PT-2006-3560 · Tuttophp · Tuttophp Pretty Guestbook+2

Luny · Published 2006-05-30 · Updated 2018-10-18 · CVE-2006-2637

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions

TuttoPhp Morris Guestbook version 1
TuttoPhp Pretty Guestbook version 1
TuttoPhp Smile Guestbook version 1

Description

A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML through the pagina parameter, using a javascript: URI in the SRC attribute of an IMG element.

Recommendations

For TuttoPhp Morris Guestbook version 1, update the view.php file to properly sanitize the pagina parameter.
For TuttoPhp Pretty Guestbook version 1, update the view.php file to properly sanitize the pagina parameter.
For TuttoPhp Smile Guestbook version 1, update the view.php file to properly sanitize the pagina parameter.
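
One way to apply the recommendation, shown as an added example that is not TuttoPhp's own code. It assumes pagina is a numeric page index (the advisory does not say what the parameter holds); the helper names pagina_from_request and e, and the page limit of 20, are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: accept `pagina` only as an integer between 1 and $maxPage.
// Anything else (markup, URIs, arrays, missing value) falls back to page 1.
function pagina_from_request(array $query, int $maxPage): int
{
    $raw = $query['pagina'] ?? '1';
    if (!is_string($raw)) {
        return 1; // e.g. ?pagina[]=3 arrives as an array
    }
    $page = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => max(1, $maxPage)],
    ]);
    return $page === false ? 1 : $page;
}

// Hypothetical helper: encode a value for HTML text or a quoted attribute.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs: a valid page, markup of the kind the advisory
// describes, an array value, and a request with no pagina at all.
$samples = [
    ['pagina' => '3'],
    ['pagina' => '<img src="javascript:void(0)">'],
    ['pagina' => ['3']],
    [],
];

foreach ($samples as $query) {
    $page = pagina_from_request($query, 20);
    // Only the validated integer is reflected; it is still encoded so the
    // output stays safe if the type of $page ever changes.
    $safe = e((string) $page);
    printf("<a href=\"view.php?pagina=%s\">Page %s</a>\n", $safe, $safe);
}
```

If pagina must carry free text instead of a number, the allow-list step does not apply and every reflection of the value has to go through context-appropriate output encoding.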


Related Identifiers

CVE-2006-2637

Affected Products

Tuttophp Morris Guestbook
Tuttophp Pretty Guestbook
Tuttophp Smile Guestbook