CVE-2007-1623

Name of the Vulnerable Software and Affected Versions realGuestbook version 5.01

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via several parameters to the "welcome admin.php" file, including bg color 1, fs menu, fc menu, ff menu, bg color 2, fs normal, fc normal, and ff normal. The vulnerability is exploitable when the register globals setting is enabled.

Recommendations For realGuestbook version 5.01, consider disabling the register globals setting to mitigate the risk of exploitation. Additionally, restrict input for the parameters bg color 1, fs menu, fc menu, ff menu, bg color 2, fs normal, fc normal, and ff normal in the "welcome admin.php" file to prevent arbitrary web script or HTML injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.