Guestex XSS Vulnerability

Summary

Vulnerability: Guestex XSS Vulnerability
Discovered: 2006.02.11
Last Update: 2006.02.21 Exploitation code published
ID: EV0077
CVE: CVE-2006-0776
Risk Level: low
Type: Cross Site Scripting
Status: Unpatched. No reply from developer(s)
Vendor: n/a
Vulnerable Software: Guestext (http://www.teca-scripts.com/)
Version: 1.0
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

Cross Site Scripting found in Guestext (http://www.teca-scripts.com/) script.

Vulnerable Script: guestex.pl

Variable $form{'url'} isn't properly sanitized. This can be used to post arbitrary javascript code.

PoC/Exploit

When adding new record:

URL: javascript:alert(123)

Solution.

Solution for "Guestex XSS Vulnerability" is not available. Check vendor's website for updates.