Multiple cross-site scripting (XSS) vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gastname or (2) gastwohnort parameters.
References
Link | Resource |
---|---|
http://marc.info/?l=full-disclosure&m=115464286427745&w=2 | Exploit Mailing List |
http://secunia.com/advisories/21357 | Permissions Required Third Party Advisory |
http://www.securityfocus.com/archive/1/442205/100/200/threaded | |
http://www.securityfocus.com/bid/19343 | Exploit Third Party Advisory VDB Entry |
http://www.vupen.com/english/advisories/2006/3155 | Not Applicable |
https://exchange.xforce.ibmcloud.com/vulnerabilities/28219 |
Configurations
History
No history.
Information
Published : 2006-08-09 22:04
Updated : 2024-02-28 10:42
NVD link : CVE-2006-4038
Mitre link : CVE-2006-4038
CVE.ORG link : CVE-2006-4038
JSON object : View
Products Affected
chaossoft
- gaestechaos
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')