Guestex XSS Vulnerability

Summary

Vulnerability: Guestex XSS Vulnerability
Discovered: 2006.02.11
Last Update: 2006.02.21 Exploitation code published
ID: EV0077
CVE: CVE-2006-0776
Risk Level: low
Type: Cross Site Scripting
Status: Unpatched. No reply from developer(s)
Vendor: n/a
Vulnerable Software: Guestex (http://www.teca-scripts.com/)
Version: 1.0
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

A cross-site scripting vulnerability was found in the Guestex (http://www.teca-scripts.com/) script.

Vulnerable Script: guestex.pl

The variable $form{'url'} isn't properly sanitized. This can be used to post arbitrary JavaScript code.

PoC/Exploit

When adding a new record:

URL: javascript:alert(123)

Solution

A solution for "Guestex XSS Vulnerability" is not available. Check the vendor's website for updates.
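
As an added example (not the vendor's code and not a patch from this advisory), the following shows one way a Perl CGI script could validate a submitted URL field such as $form{'url'} before writing it into a link. The sub names and sample inputs are constructed, and the assumption is that the field ends up inside an href attribute.

```perl
#!/usr/bin/perl
# Added example: hypothetical hardening for a guestbook URL field.
# Not taken from guestex.pl; sub names and sample inputs are constructed.
use strict;
use warnings;

# Escape HTML-significant characters for text or a quoted attribute value.
sub html_escape {
    my ($s) = @_;
    my %map = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$map{$1}/g;
    return $s;
}

# Return a value safe to place inside href="...", or undef to reject it.
sub sanitize_url {
    my ($url) = @_;
    return unless defined $url && length $url;
    return if length($url) > 2048;
    # Control characters and spaces have no place in a submitted URL.
    return if $url =~ /[\x00-\x20\x7f]/;
    # Allow-list: absolute http/https URLs with a host part only.
    # Any other scheme (javascript:, data:, ...) fails this match.
    return unless $url =~ m{\Ahttps?://[A-Za-z0-9.-]+(?::\d+)?(?:[/?#].*)?\z}is;
    # Escape last, so the stored or rendered value cannot close the attribute.
    return html_escape($url);
}

# Constructed sample submissions, standing in for $form{'url'}.
my @samples = (
    'http://example.com/page?a=1&b=2',
    'https://example.com/?q="quoted"',
    'javascript:alert(123)',          # the value from the PoC above
    'example.com',                    # no scheme: rejected by the allow-list
);

for my $raw (@samples) {
    my $safe = sanitize_url($raw);
    if (defined $safe) {
        print "ACCEPT  $raw\n";
        print "        <a href=\"$safe\" rel=\"nofollow\">homepage</a>\n";
    } else {
        print "REJECT  $raw\n";
    }
}
```

The scheme allow-list stops the PoC value, and the escaping step covers URLs that pass the allow-list but contain quotes or angle brackets.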