PBL Guestbook v1.31 - XSS

Risk: Low
Local: No
Remote: Yes

CVSS Base Score: 2.6/10
Impact Subscore: 2.9/10
Exploitability Subscore: 4.9/10
Exploit range: Remote
Attack complexity: High
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

PBLGuestbook v1.31 Homepage: http://www.pixelatedbylev.com/ Effected files: input boxes of the guestbook. XSS Vulnerabilities PoC: I noticed that common tags like <script> are filtered into the words "SCRIPT BLOCKED" in this guestbook, however img tags as well as others go unfiltered in the Name, Email,and Website boxes. In turn, this could cause an XSS attack to occur. For PoC just enter: <IMG SRC=javascript:alert('XSS')> in any of these boxes.

Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com


Back to Top