XSS Vulnerability in MWGuest
- XSS Vulnerability in MWGuest
- Last Update
- 2006.04.17 Exploitation code published
- Risk Level
- Cross Site Scripting
- Unpatched. No reply from developer(s)
- Manic Web
- Vulnerable Software
- MWGuest (http://www.manicweb.co.uk/)
- Not available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
Cross Site Scripting found in MWGuest (http://www.manicweb.co.uk/) script.
Vulnerable Script: mwguest.php
Parameter homepage is not properly sanitized. This can be used to post arbitrary HTML or web script code.
Condition: magic_quotes_gpc = off
Cross-Site Scripting Example:
Homepage: ">[XSS]<aaa aaa="
Solution for "XSS Vulnerability in MWGuest" is not available. Check Manic Web website for updates.