Vulnerabilities (CVE)

Filtered by vendor Realguestbook Subscribe
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-1625 1 Realguestbook 1 Realguestbook 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in save_entry.php in realGuestbook 5.01 allows remote attackers to inject arbitrary web script or HTML via the homepage parameter, as reachable through add_entry.php. NOTE: the original report stated that the vulnerability was in add_entry.php, which does not receive the input data.
CVE-2007-1623 1 Realguestbook 1 Realguestbook 2024-02-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in realGuestbook 5.01, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) bg_color_1, (2) fs_menu, (3) fc_menu, (4) ff_menu, (5) bg_color_2, (6) fs_normal, (7) fc_normal, and (8) ff_normal parameters to welcome_admin.php; and possibly unspecified other parameters and files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1624 1 Realguestbook 1 Realguestbook 2024-02-28 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in realGuestbook 5.01 allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) homepage, and (4) text parameters to save_entry.php, as reachable through add_entry.php; and possibly other unspecified parameters and files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.