SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG element.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-07-18T15:56:39
Updated: 2024-08-05T00:05:44.068Z
Reserved: 2019-07-18T00:00:00
Link: CVE-2019-13948
NVD
Status: Modified
Published: 2019-07-18T16:15:12.047
Modified: 2024-11-21T04:25:45.507
Link: CVE-2019-13948