Vulnerability CVE-2006-1697


Published: 2006-04-11   Modified: 2011-03-07

Description:
Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) Your Name, (2) E-Mail, or (3) Comments fields when posting a message.

See advisories in our WLB2 database:
Topic
Author
Date
Low
Matt Wright Guestbook Xss Script Injection
Liz0ziM
10.04.2006

Vendor: Matt wright
Product: Matt wright guestbook 
Version: 2.3.1;

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

 References:
http://www.vupen.com/english/advisories/2006/1287
http://www.securityfocus.com/bid/17438
http://www.securityfocus.com/archive/1/archive/1/430356/100/0/threaded
http://www.osvdb.org/24479
http://secunia.com/advisories/19586
http://liz0zim.no-ip.org/mattguestbook.html
http://xforce.iss.net/xforce/xfdb/25697
http://securityreason.com/securityalert/681

Related CVE
CVE-2009-4866
Cross-site scripting (XSS) vulnerability in search.cgi in Matt's Script Archive (MSA) Simple Search 1.0 allows remote attackers to inject arbitrary web script or HTML via the terms parameter. NOTE: some of these details are obtained from third party...
CVE-2009-1776
Multiple cross-site scripting (XSS) vulnerabilities in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via javascript: URIs in the (1) request and (2) return_link_url param...
CVE-2009-1777
CRLF injection vulnerability in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the redirect parameter.
CVE-2006-1698
Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) url, (2) city, (3) state, or (4) country parameters. NOTE: the provenance of this information is unkno...
CVE-2002-2109
Matt Wright FormMail 1.9 and earlier allows remote attackers to bypass the HTTP_REFERER check and conduct unauthorized activities via (1) a blank referer, (2) a spoofed referer with a trusted domain/URL after the beginning of the referer, or (3) a sp...
CVE-2002-1771
Matt Wright FormMail 1.9 and earlier allows remote attackers to send spam or anonymous e-mail by injecting a newline character followed by CC:, BCC:, or additional TO: fields in the email and realname CGI variables.
CVE-2001-0937
PGPMail.pl 1.31 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) recipient or (2) pgpuserid parameters.
CVE-2001-0357
FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to send anonymous email (spam) by modifying the recipient and message parameters.

Copyright 2017, cxsecurity.com

 

Back to Top