PT-2026-39524 · Unknown · Advanced Guestbook

Abdulkadir Aydogan · Published 2026-05-10 · Updated 2026-05-10 · CVE-2021-47950

CVSS v3.1: 6.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Advanced Guestbook version 2.4.4

Description

A persistent cross-site scripting issue exists in the smilies administration interface. Authenticated attackers can inject malicious scripts by sending POST requests to the 'admin.php' endpoint using the 's_emotion' parameter. These scripts execute when administrators access the smilies tab.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the 's_emotion' parameter within the 'admin.php' endpoint.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2021-47950

Affected Products

Advanced Guestbook