CVE-2002-0730

Philip Chinery's Guestbook 1.1 - Cross-Site Scripting via Name EMail or Homepage Fields

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0730. PoCs published by markus arndt.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Philip Chinery's Guestbook version 1.1. The vulnerability arises due to insufficient filtering of script code from form fields and URL parameters, allowing an attacker to inject malicious scripts into guestbook pages.

Description

Cross-site scripting vulnerability in guestbook.pl for Philip Chinery's Guestbook 1.1 allows remote attackers to execute Javascript or HTML via fields such as (1) Name, (2) EMail, or (3) Homepage.

Exploits (1)

exploitdb WORKING POC VERIFIED

by markus arndt · textwebappscgi

https://www.exploit-db.com/exploits/21406

View Code ZIP pw:eip

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Philip Chinery's Guestbook version 1.1. The vulnerability arises due to insufficient filtering of script code from form fields and URL parameters, allowing an attacker to inject malicious scripts into guestbook pages.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Philip Chinery's Guestbook 1.1

No auth needed

Prerequisites: Access to the guestbook URL

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/8916.php

Exploit, Vendor Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2002-04/0309.html

Exploit, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/4566

Scores

EPSS 0.0686

EPSS Percentile 93.2%

Details

Status published

Products (1)

philip_chinery/philip_chinerys_guestbook 1.1

Published Aug 12, 2002

Tracked Since Feb 18, 2026