CVE-2006-0860

Michael Salzer Guestbox - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer Guestbox 0.6, and other versions before 0.8, allow remote attackers to inject arbitrary web script or HTML via (1) HTML tags that follow a "http://" string, which bypasses a regular expression check, and (2) other unspecified attack vectors.

References (7)

[Patch, Vendor Advisory] http://secunia.com/advisories/18946

[Patch] http://www.securityfocus.com/bid/16751

[Vendor Advisory] http://www.vupen.com/english/advisories/2006/0675

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/24798

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/425495/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/426663/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.osvdb.org/23375

Scores

EPSS 0.0105

EPSS Percentile 77.3%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

michael_salzer/guestbox

Timeline

Published Feb 23, 2006

Tracked Since Feb 18, 2026