CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2002-0457

HIGH
7.6
CVSS Severity Score
EPSS Score0.0610%
EPSS Percentile44.88th
Published2002年8月12日
Last Modified2026年4月16日

Vulnerability Description

Cross-site scripting vulnerability in signgbook.php for BG GuestBook 1.0 allows remote attackers to execute arbitrary Javascript via encoded tags such as <, >, and & in fields such as (1) name, (2) email, (3) AIM screen name, (4) website, (5) location, or (6) message.

Affected Platforms (CPE)

📦
Bg Guestbook

Bg Guestbook

= 1.0

References & Advisories

🔗 http://www.iss.net/security_center/static/8474.php
🔗 http://www.securityfocus.com/archive/1/262693
🔗 http://www.securityfocus.com/bid/4308
🔗 http://www.iss.net/security_center/static/8474.php
🔗 http://www.securityfocus.com/archive/1/262693
🔗 http://www.securityfocus.com/bid/4308

相關漏洞威脅

CVE-2002-049110.0

admin.php in AlGuest 1.0 guestbook checks for the existence of the admin cookie to authenticate the AlGuest administrator, which a...

CVE-2001-009910.0

bsguest.cgi guestbook script allows remote attackers to execute arbitrary commands via shell metacharacters in the email address.

CVE-2001-002210.0

simplestguest.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the...

CVE-2007-148610.0

PHP remote file inclusion vulnerability in template.class.php in Carbonize Lazarus Guestbook before 1.7.3 allows remote attackers ...