PT-2007-2720 · Sava · Sava's Guestbook

Published 2007-03-07 · Updated 2024-02-14 · CVE-2007-1305

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Sava's Guestbook version 23.11.2006

Description

A cross-site scripting (XSS) issue in the add2.php file allows remote attackers to inject arbitrary web script or HTML via the name, country, email, and website parameters.

Recommendations

For Sava's Guestbook version 23.11.2006, consider validating and sanitizing user input for the name, country, email, and website parameters to prevent XSS attacks. As a temporary workaround, restrict access to the add2.php file until a proper fix is applied.

Fix

Related Identifiers

CVE-2007-1305

Affected Products

Sava's Guestbook