CVE-2010-4407

Alberto Pittoni Alguest - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlGuest 1.1c-patched allow remote attackers to inject arbitrary web script or HTML via the (1) nome (nickname), (2) messaggio (message), and (3) link (homepage) parameters.

References (4)

[Exploit, Patch] http://evuln.com/vulns/151/summary.html

[Exploit] http://packetstormsecurity.org/files/view/96297/alguest-xss.txt

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/514960/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/45140

Scores

EPSS 0.0029

EPSS Percentile 51.7%

Classification

CWE

CWE-79

Status published

Affected Products (2)

alberto_pittoni/alguest

n/a/n/a

Timeline

Published Dec 06, 2010

Tracked Since Feb 18, 2026