CVE-2005-4879

Jax Guestbook <3.31 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in jax_guestbook.php in Jax Guestbook 3.1 and 3.31 allow remote attackers to inject arbitrary web script or HTML via the (1) gmt_ofs and (2) language parameters. NOTE: the page parameter is already covered by CVE-2006-1913. NOTE: it was later reported that 3.50 is also affected.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ZoRLu · textwebappsphp

https://www.exploit-db.com/exploits/31580

View Code ZIP pw:eip

References (5)

[Exploit] http://lostmon.blogspot.com/2005/08/jax-php-scripts-multiple.html

[Vendor Advisory] http://secunia.com/advisories/16337

[Third Party Advisory, VDB Entry] http://downloads.securityfocus.com/vulnerabilities/exploits/28523.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/28523

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/43562

Scores

EPSS 0.0019

EPSS Percentile 40.5%

Classification

CWE

CWE-79

Status published

Affected Products (3)

jax_scripts/jax_guestbook

jax_scripts/jax_guestbook

n/a/n/a

Timeline

Published Mar 31, 2009

Tracked Since Feb 18, 2026