Multiple XSS inj in Wernhart Guestbook

Summary

Vulnerability: Multiple XSS inj in Wernhart Guestbook
Discovered: 2010.11.18
Last Update: n/a
ID: EV0150
CVE: n/a
Risk Level: low
Type: Cross Site Scripting
Status: Unpatched. Vendor notified. No reply from developer(s).
Vendor: Carl A. Wernhart (http://www.wernhart.priv.at/)
Vulnerable Software: Wernhart Guestbook
Version: 2001.03.28
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

Cross-site scripting vulnerabilities were found in the Wernhart Guestbook script.

Multiple XSS vulnerabilities
None of the user-supplied parameters are sanitized, so arbitrary XSS injection is possible. Vulnerable script: insert.phtml.

PoC/Exploit

XSS injection examples
None of the input data is sanitized:
First Name: <XSS inj>
Last Name: <XSS inj>
E-Mail: <XSS inj>
Web Site: <XSS inj>

Solution

A solution for "Multiple XSS inj in Wernhart Guestbook" is not available. Check Carl A. Wernhart's website for updates.
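
The following is an added example, not part of the original advisory and not the vendor's code: one way a PHP guestbook can validate the four fields listed above on submission and encode them on output. The function names and the field keys (first_name, last_name, email, website) are hypothetical, since the advisory does not show the source of insert.phtml.

```php
<?php
// Added illustration, not code from Wernhart Guestbook. Function and field
// names are hypothetical: the advisory does not show insert.phtml's source.

// Encode a value for HTML text and quoted-attribute contexts.
function gb_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept only absolute http(s) URLs, so the "Web Site" value can be placed
// in an href without allowing script-bearing schemes.
function gb_safe_url(string $url): ?string
{
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

// Validate a submitted entry; returns the cleaned fields or null to reject.
function gb_validate_entry(array $post): ?array
{
    $f = [];
    foreach (['first_name', 'last_name', 'email', 'website'] as $key) {
        $value = $post[$key] ?? '';
        if (!is_string($value) || strlen($value) > 255) {
            return null; // arrays and oversized values are rejected
        }
        $f[$key] = trim($value);
    }
    $badEmail = $f['email'] !== '' && filter_var($f['email'], FILTER_VALIDATE_EMAIL) === false;
    $badSite  = $f['website'] !== '' && gb_safe_url($f['website']) === null;
    return ($f['first_name'] === '' || $badEmail || $badSite) ? null : $f;
}

// Render one stored entry; every value is encoded at output time.
function gb_render_entry(array $f): string
{
    $html = '<p>' . gb_html($f['first_name'] . ' ' . $f['last_name']);
    if ($f['email'] !== '') { $html .= ' (' . gb_html($f['email']) . ')'; }
    $url = gb_safe_url($f['website']); // re-checked: stored data may predate validation
    if ($url !== null) {
        $html .= ' <a rel="nofollow noopener" href="' . gb_html($url) . '">' . gb_html($url) . '</a>';
    }
    return $html . '</p>';
}
```

Encoding at output time matters more than input filtering here, because entries already stored by an unpatched installation are neutralised when displayed as well.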