[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[eVuln] Guestex XSS Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: [eVuln] Guestex XSS Vulnerability
From: alex@xxxxxxxxx
Date: 24 Feb 2006 20:16:58 -0000

New eVuln Advisory:
Guestex XSS Vulnerability
http://evuln.com/vulns/77/summary.html

--------------------Summary----------------
eVuln ID: EV0077
CVE: CVE-2006-0776
Software: Guestext
Sowtware's Web Site: http://www.teca-scripts.com/
Versions: 1.0
Critical Level: Harmless
Type: Cross-Site Scripting
Class: Remote
Status: Unpatched. No reply from developer(s)
Exploit: Available
Solution: Not Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

-----------------Description---------------
Vulnerable Script: guestex.pl

Variable $form{'url'} isn't properly sanitized. This can be used to post 
arbitrary javascript code.


--------------Exploit----------------------
Available at: http://evuln.com/vulns/77/exploit.html

--------------Solution---------------------
No Patch available.

--------------Credit-----------------------
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)


Regards,
Aliaksandr Hartsuyeu
http://evuln.com - Penetration Testing Services
.

Prev by Date: Mambo Multiple Vulnerabilities
Next by Date: RE: Vulnerabilites in new laws on computer hacking
Previous by thread: Mambo Multiple Vulnerabilities
Next by thread: fwd: SuSE Security Announcement: heimdal (SUSE-SA:2006:011)
Index(es):
- Date
- Thread