CyberSec.Space Logo
Back to CVE Browser

CVE-2010-4407

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.0610%
EPSS Percentile41.02th
PublishedDec 6, 2010
Last ModifiedApr 29, 2026

Vulnerability Description

Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlGuest 1.1c-patched allow remote attackers to inject arbitrary web script or HTML via the (1) nome (nickname), (2) messaggio (message), and (3) link (homepage) parameters.

Affected Platforms (CPE)

πŸ“¦
Alberto Pittoni

Alguest

= 1.1

References & Advisories

πŸ”— http://evuln.com/vulns/151/summary.html
πŸ”— http://packetstormsecurity.org/files/view/96297/alguest-xss.txt
πŸ”— http://www.securityfocus.com/archive/1/514960/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/45140
πŸ”— http://evuln.com/vulns/151/summary.html
πŸ”— http://packetstormsecurity.org/files/view/96297/alguest-xss.txt
πŸ”— http://www.securityfocus.com/archive/1/514960/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/45140

Related Vulnerabilities

CVE-2002-049110.0

admin.php in AlGuest 1.0 guestbook checks for the existence of the admin cookie to authenticate the AlGuest administrator, which a...

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...

CVE-2026-48853

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc all...