CVE-2006-2882

Name of the Vulnerable Software and Affected Versions ASPScriptz Guest Book versions 2.0 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML via several form fields in the submit.asp file. The vulnerable parameters are GBOOK UNAME, GBOOK EMAIL, GBOOK CITY, GBOOK COU, GBOOK WWW, and GBOOK MESS.

Recommendations For ASPScriptz Guest Book versions 2.0 and earlier, consider validating and sanitizing user input for the GBOOK UNAME, GBOOK EMAIL, GBOOK CITY, GBOOK COU, GBOOK WWW, and GBOOK MESS form fields to prevent XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.