It has been reported that Guestbook does not sufficiently filter user-supplied values from certain fields. As a result, attackers may embed malicious script code or HTML into Guestbook posts. When another user views a malicious post, the attacker-supplied code is interpreted by that user's web browser in the security context of the site hosting the software. This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the website running the vulnerable software.
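The missing control, shown as an added example (not Guestbook's own code): the same constructed post rendered unfiltered and then with every field encoded for its HTML context, plus a session cookie marked HttpOnly so page script cannot read it. The field names `name`, `homepage` and `message`, the cookie name `session`, and all helper functions are assumptions, since the advisory does not name the affected fields.

```python
import html
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample post. Field names are assumptions; the advisory
# only says "certain fields" are not filtered.
SAMPLE_POST = {
    "name": "Eve<script>alert(1)</script>",
    "homepage": "javascript:alert(1)",
    "message": "Nice site! <img src=x onerror=alert(1)>",
}

TEMPLATE = '<div class="entry"><a href="%s">%s</a><p>%s</p></div>'


def render_unfiltered(post):
    """The reported flaw: field values are pasted into the page as-is."""
    return TEMPLATE % (post["homepage"], post["name"], post["message"])


def safe_url(url):
    """Allow only http(s) links; anything else becomes an inert '#'."""
    url = url.strip()
    scheme = urlsplit(url).scheme.lower()
    return url if scheme in ("http", "https") else "#"


def render_encoded(post):
    """Encode each field on output so the browser treats it as text."""
    return TEMPLATE % (
        html.escape(safe_url(post["homepage"]), quote=True),
        html.escape(post["name"], quote=True),
        html.escape(post["message"], quote=True),
    )


def session_cookie_header(session_id):
    """Build a Set-Cookie value that script in the page cannot read."""
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["httponly"] = True   # hidden from document.cookie
    cookie["session"]["secure"] = True     # sent over HTTPS only
    cookie["session"]["samesite"] = "Lax"
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()


if __name__ == "__main__":
    print(render_unfiltered(SAMPLE_POST))
    print(render_encoded(SAMPLE_POST))
    print("Set-Cookie:", session_cookie_header("constructed-session-id"))
```

Output encoding is the fix for the flaw; the HttpOnly flag only limits the cookie-theft impact if script still reaches a visitor's browser.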