Description
Cross-site scripting (XSS) vulnerability in Lycos HTMLGear guestbook allows remote attackers to inject arbitrary script via (1) STYLE attributes or (2) SRC attributes in an IMG tag.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Matthew Murphy · textwebappscgi
https://www.exploit-db.com/exploits/21802
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/12235
Exploit, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/5728
Vendor Advisory mailing-list
x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0132.html
Exploit, Vendor Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-09/0198.html
Scores
EPSS
0.0059
EPSS Percentile
69.3%
Details
Status
published
Products (1)
lycos/htmlgear_guestgear
Published
Apr 02, 2003
Tracked Since
Feb 18, 2026