Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:27537
HistoryJan 09, 2012 - 12:00 a.m.

Tinyguestbook XSS

2012-01-0900:00:00
vulners.com
34
JSON

Exploit Title: Tinyguestbook XSS

Date: 01/03/12

Author: G13

Software Link: http://code.google.com/p/tinyguestbook/

Category: webapps (php)

Vulnerability

There is no sanitation on the input of the msg variable. This allows
malicious scripts to be added. This is a stored XSS

Vendor Notification

12/23/11 - Vendor Notified.
12/27/11 - Vendor email.
01/03/12 - No response, disclosure

Affected Variables

Msg=[XSS]

Exploit

The script can be added right in the page, there is no filtering of
input.

JSON