XSS Vulnerability in MWGuest

Summary

Vulnerability: XSS Vulnerability in MWGuest
Discovered: 2006.04.06
Last Update: 2006.04.17 Exploitation code published
ID: EV0122
CVE: CVE-2006-1979
Risk Level: low
Type: Cross Site Scripting
Status: Unpatched. No reply from developer(s)
Vendor: Manic Web
Vulnerable Software: MWGuest (http://www.manicweb.co.uk/)
Version: 2.1.0
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

A cross-site scripting vulnerability was found in the MWGuest (http://www.manicweb.co.uk/) script.

Vulnerable Script: mwguest.php

The homepage parameter is not properly sanitized. This can be used to post arbitrary HTML or web script code.

Condition: magic_quotes_gpc = off

PoC/Exploit

Cross-Site Scripting Example:

URL: http://[host]/mwguest/mwguest.php
Homepage: ">[XSS]<aaa aaa="

Solution

A solution for "XSS Vulnerability in MWGuest" is not available. Check the Manic Web website for updates.
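
Until a vendor fix exists, the homepage value can be validated and encoded at output time. The following is an added example, not MWGuest source code: it assumes the submitted homepage is rendered inside a double-quoted href attribute (as the shape of the PoC value suggests), and the function names are hypothetical.

```php
<?php
// Added example, not MWGuest source. Assumption: the homepage field is
// echoed inside a double-quoted href attribute. Function names are hypothetical.

// Unsafe pattern: the raw value is concatenated into the attribute, so a
// double quote in the input closes the attribute and the rest becomes markup.
function render_homepage_unsafe(string $homepage): string
{
    return '<a href="' . $homepage . '">Homepage</a>';
}

// Hardened pattern: validate the URL, then encode for the attribute context.
function render_homepage_safe(string $homepage): string
{
    $homepage = trim($homepage);
    // Accept only absolute http(s) URLs; script-capable schemes are refused.
    $scheme = parse_url($homepage, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return '';
    }
    if (filter_var($homepage, FILTER_VALIDATE_URL) === false) {
        return '';
    }
    // Validation narrows the input; encoding keeps the value inside the attribute.
    $encoded = htmlspecialchars($homepage, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $encoded . '" rel="nofollow noopener">Homepage</a>';
}

// Constructed sample inputs: a normal URL, the advisory's PoC value with its
// [XSS] placeholder left as is, and a non-http scheme.
$samples = [
    'http://example.org/',
    '">[XSS]<aaa aaa="',
    'javascript:void(0)',
];
foreach ($samples as $s) {
    $safe = render_homepage_safe($s);
    printf("input:  %s\nunsafe: %s\nsafe:   %s\n\n", $s, render_homepage_unsafe($s), $safe !== '' ? $safe : '(rejected)');
}
```

Output encoding with htmlspecialchars does not depend on the magic_quotes_gpc setting, which was removed in PHP 5.4.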