page XSS Vulnerability in Doika guestbook

Summary

Vulnerability: page XSS Vulnerability in Doika guestbook
Discovered: 2006.08.21
Last Update: 2006.08.31 Exploitation code published
ID: EV0134
CVE: CVE-2006-4325
Risk Level: low
Type: Cross Site Scripting
Status: Unpatched. No reply from developer(s)
Vendor: n/a
Vulnerable Software: Doika guestbook (http://doika.net/)
Version: 2.5
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

A cross-site scripting vulnerability was found in the Doika guestbook (http://doika.net/) script.

Cross-Site Scripting.

Vulnerable Script: gbook.php

The page parameter is not properly sanitized before it is placed into the generated HTML, so it can be used to post arbitrary HTML or web script code that is rendered in the browser of anyone viewing the guestbook.

PoC/Exploit

Cross-Site Scripting Example:

URL: http://[host]gbook.php?id=new

new entry:

url: http://host/" onmouseover="alert(123)
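The flaw described above is an attribute-context injection: a double quote inside a user-supplied field closes the HTML attribute and lets further attributes follow. The following is an added example, not code from the Doika guestbook, showing the vulnerable rendering pattern beside a hardened one; the function and field names are assumptions and the sample entry is constructed in the shape of the PoC.

```php
<?php
// Added example (not gbook.php code). Demonstrates why an unencoded value in
// an HTML attribute is exploitable and how output encoding plus a scheme
// allowlist neutralizes the PoC payload. Names below are assumptions.

// Constructed sample entry modelled on the advisory's PoC.
$entry = [
    'name' => 'visitor',
    'url'  => 'http://host/" onmouseover="alert(123)',
];

// Vulnerable pattern: the stored value is concatenated straight into the
// href attribute, so the embedded quote terminates it and the remainder
// becomes a new event-handler attribute.
function render_link_unsafe(array $entry): string
{
    return '<a href="' . $entry['url'] . '">' . $entry['name'] . '</a>';
}

// Hardened pattern: every value is HTML-encoded with ENT_QUOTES so quotes
// become &quot; and cannot close the attribute; in addition only http(s)
// URLs are linked, because encoding alone does not stop non-web schemes
// (for example javascript:) from being used as a link target.
function render_link_safe(array $entry): string
{
    $url = (string) $entry['url'];
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        $url = '#'; // assumed policy: refuse to link unknown schemes
    }
    $h = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<a href="' . $h($url) . '" rel="nofollow noopener">' . $h($entry['name']) . '</a>';
}

// Compare the two renderings for the constructed entry.
echo render_link_unsafe($entry), "\n";
echo render_link_safe($entry), "\n";
```

In the safe rendering the quote and the onmouseover text survive only as encoded attribute content, so no new attribute is created and nothing executes.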

Solution

Solution for "page XSS Vulnerability in Doika guestbook" is not available. Check vendor's website for updates.