CVE-2002-0732

MyGuestbook 1.0 - Cross-Site Scripting via User Name or Comments

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0732. PoCs published by BrainRawt.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in MyGuestbook by injecting JavaScript code into the 'name' or 'comments' fields, which executes when viewed by other users.

Description

Cross-site scripting vulnerability in MyGuestbook 1.0 allows remote attackers to execute arbitrary script or inject HTML via fields such as (1) user name or (2) comments.

Exploits (1)

exploitdb WORKING POC VERIFIED

by BrainRawt · textwebappscgi

https://www.exploit-db.com/exploits/21433

View Code ZIP pw:eip

This exploit demonstrates a stored XSS vulnerability in MyGuestbook by injecting JavaScript code into the 'name' or 'comments' fields, which executes when viewed by other users.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: MyGuestbook (version not specified)

No auth needed

Prerequisites: Access to the guestbook submission form

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

URL Repurposed x_refsource_confirm

http://www.levcgi.com/programs.cgi?program=myguestbook&action=history

Exploit, Vendor Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2002-04/0422.html

Exploit, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/4651

Vendor Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/8968.php

Scores

EPSS 0.0275

EPSS Percentile 84.4%

Details

Status published

Products (1)

levcgi.com/myguestbook 1.0

Published Aug 12, 2002

Tracked Since Feb 18, 2026