CVE-2004-1213

Advanced Guestbook 2.3.1 and 2.2 - Cross-Site Scripting via Entry Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1213. PoCs published by Emile van Elen.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in Advanced Guestbook 2.3.1, where user-supplied URI input is not properly sanitized. An example exploit URI is included to demonstrate the issue.

Description

Cross-site scripting (XSS) vulnerability in index.php in Advanced Guestbook 2.3.1, 2.2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the entry parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Emile van Elen · textwebappsphp
https://www.exploit-db.com/exploits/24797

The provided text describes a cross-site scripting (XSS) vulnerability in Advanced Guestbook 2.3.1, where user-supplied URI input is not properly sanitized. An example exploit URI is included to demonstrate the issue.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Advanced Guestbook 2.3.1
No auth needed
Prerequisites: A vulnerable version of Advanced Guestbook · Victim interaction to follow a malicious link
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/18334
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/11798
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110238530129498&w=2
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110206527624612&w=2

Scores

EPSS 0.0200
EPSS Percentile 78.3%

Details

Status published
Products (2)
advanced_guestbook/advanced_guestbook 2.2
advanced_guestbook/advanced_guestbook 2.3.1
Published Jan 10, 2005
Tracked Since Feb 18, 2026