PT-2009-4857 · Jnm · Jnm Guestbook
Published
2009-07-13
·
Updated
2009-07-13
·
CVE-2009-2440
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
JNM Guestbook version 3.0
Description
A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the
page parameter in index.php.Recommendations
For JNM Guestbook version 3.0, consider validating and sanitizing user input for the
page parameter to prevent XSS attacks. As a temporary workaround, restrict access to index.php to minimize the risk of exploitation.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jnm Guestbook