CVE-2007-4711

www.toms-seiten.at Toms Gaestebuch - XSS

Description

Multiple cross-site scripting (XSS) vulnerabilities in Toms Gaestebuch 1.00 allow remote attackers to inject arbitrary web script or HTML via the (1) homepage, (2) mail, and (3) name parameters in a show action to (a) form.php; the (4) language and (5) anzeigebreite parameters to (b) admin/header.php; and the (6) msg parameter to (c) install.php, different vectors than CVE-2006-0706.

Exploits (2)

exploitdb WRITEUP VERIFIED
by cod3in · text · webapps · php
https://www.exploit-db.com/exploits/30554
exploitdb WRITEUP VERIFIED
by cod3in · text · webapps · php
https://www.exploit-db.com/exploits/30553

Scores

EPSS 0.0497
EPSS Percentile 89.5%

Classification

CWE
CWE-79
Status draft

Affected Products (1)

www.toms-seiten.at/toms_gaestebuch

Timeline

Published Sep 05, 2007
Tracked Since Feb 18, 2026