CGI-City's CCGuestBook Script Injection Vulns

Credit: BrainRawt
Risk: Low
Local: No
Remote: Yes

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

CGI-City's CCGuestBook Script Injection Vulnerabilities

Discovered By BrainRawt (brainrawt (at) hotmail (dot) com)

About CCGuestBook:
------------------
CC Guestbook is a simple guestbook program that is very easy to configure and install. It features a notification facility which sends an email alert to the guestbook owner whenever new entries are made. It may also be used as a post-it board to allow visitors to a web site to just post messages.

CCGuestBook can be downloaded from the following address.

Vendor Contact:
----------------
1-30-03 Emailed cgicity (at) icthus (dot) net
No Response

Vulnerability:
----------------
CCGuestBook neglects to filter user input, allowing script injection into the guestbook via the "name" and "webpage title" fields. The injected script will be executed in the browser of anyone who visits the guestbook.

Exploit (POC):
----------------
<script>alert('obvious?')</script>
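
Added example (not part of the original advisory and not CCGuestBook's own code): a Python model of a guestbook render step, showing unescaped output beside an output-encoded version, plus an audit pass over entries that are already stored. The entry layout, the "message" field, the sample data and all function names are assumptions made for illustration.

```python
import html
import re

# "name" and "webpage title" come from the advisory; the "message" field and
# the HTML layout below are assumptions made for this example.
FIELDS = ("name", "webpage_title", "message")
TEMPLATE = "<p><b>{name}</b> ({webpage_title})<br>{message}</p>"

def render_entry_vulnerable(entry):
    """Models the flaw: stored input is interpolated into the page verbatim."""
    return TEMPLATE.format(**entry)

def render_entry_hardened(entry):
    """Encodes every stored field for the HTML text context at output time."""
    safe = {k: html.escape(str(entry.get(k, "")), quote=True) for k in FIELDS}
    return TEMPLATE.format(**safe)

# A tag-like sequence in a field that should hold plain text is suspicious.
MARKUP = re.compile(r"<\s*/?\s*[a-zA-Z!]")

def audit_entries(entries):
    """Returns (index, field) pairs for stored entries that contain markup."""
    return [(i, f) for i, e in enumerate(entries)
            for f in FIELDS if MARKUP.search(str(e.get(f, "")))]

# Constructed sample data; the second entry carries the advisory's PoC string.
SAMPLE = [
    {"name": "Alice", "webpage_title": "Alice's page", "message": "Nice site"},
    {"name": "<script>alert('obvious?')</script>", "webpage_title": "x",
     "message": "hi"},
]

if __name__ == "__main__":
    for e in SAMPLE:
        print(render_entry_hardened(e))
    print(audit_entries(SAMPLE))
```

Encoding at output time also neutralises entries that were stored before the fix, which input filtering alone would not.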
