CVE-2006-3295

Open Guestbook 0.5 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in header.php in Open Guestbook 0.5 allows remote attackers to inject arbitrary web script or HTML via the title parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by simo64 · textwebappsphp

https://www.exploit-db.com/exploits/28111

View Code ZIP pw:eip

References (6)

[Broken Link] http://secunia.com/advisories/20796

[Third Party Advisory] http://securityreason.com/securityalert/1166

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/438381/100/0/threaded

[Broken Link, Exploit, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/18666

[Broken Link] http://www.vupen.com/english/advisories/2006/2545

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/27397

Scores

EPSS 0.0077

EPSS Percentile 73.2%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

georgecurrums/open_guestbook

Timeline

Published Jun 29, 2006

Tracked Since Feb 18, 2026