[VIM] Vendor ACK for Emefa Guestbook 1.2 XSS
Steven M. Christey
coley at mitre.org
Sun Aug 21 16:37:45 EDT 2005
Ref: CAN-2005-2650 (forthcoming; see below)
The vendor's front page for the guestbook includes the item "Emefa
Guestbook News! Recent Bug fix to script. 08/18/2005". It links to
the original advisory and says "A recent bug that caused html and
javascript injection into 'sign.asp' has been fixed."
http://www.emefa.myserver.org/comp/guestview.php
- Steve
======================================================
Candidate: CAN-2005-2650
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2650
Reference: MISC:http://packetstormsecurity.org/0508-advisories/emefaGuest.txt
Reference: MISC:http://systemsecure.org/ssforum/viewtopic.php?t=91
Reference: CONFIRM:http://www.emefa.myserver.org/comp/guestview.php
Reference: SECUNIA:16489
Reference: URL:http://secunia.com/advisories/16489
Cross-site scripting (XSS) vulnerability in sign.asp in Emefa
Guestbook 1.2 allows remote attackers to inject arbitrary web script
or HTML via the (1) name, (2) location, and (3) email parameters.