VULHUB ™

MyGuestbook does not adequately filter HTML tags from various fields. This may enable an attacker to inject arbitrary HMTL code into pages that are generated by the guestbook. The attacker's code may be executed in the web client of users who view the pages generated by the guestbook, in the security context of the website hosting the software. Attackers may potentially exploit this issue to hijack web content or to steal cookie-based authentication credentials. This vulnerability has been reported for MyGuestbook version 3.0, previous versions may also be affected.

MyGuestbook does not adequately filter HTML tags from various fields. This may enable an attacker to inject arbitrary HMTL code into pages that are generated by the guestbook. The attacker's code may be executed in the web client of users who view the pages generated by the guestbook, in the security context of the website hosting the software. Attackers may potentially exploit this issue to hijack web content or to steal cookie-based authentication credentials. This vulnerability has been reported for MyGuestbook version 3.0, previous versions may also be affected.