BG Guestbook Cross-Agent Scripting Vulnerability

BG Guestbook is a freely available web application written in PHP and backed by a MySQL database. It can display content using either HTML or Flash. It will run on most Unix and Linux variants as well as on Microsoft Windows operating systems.

BG Guestbook is prone to cross-agent scripting attacks. This may enable a remote attacker to cause arbitrary script code to be executed in the browser of a legitimate web user, in the context of the site running the vulnerable software.

This issue is present in both the HTML and Flash versions of the vulnerable guestbook software.
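
The class of flaw described above, shown for the HTML output path only as an added example; this is not BG Guestbook's code and not part of the original advisory. The field names (`name`, `homepage`, `message`), the helper functions and the sample row are hypothetical, since the advisory does not say which inputs are affected.

```php
<?php
// Added example: hypothetical guestbook rendering, not BG Guestbook's code.
// Field names (name, homepage, message) are assumptions for illustration.

// Encode text for an HTML element body or a quoted attribute value.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept only absolute http(s) URLs; any other scheme is dropped.
function safe_url(string $url): ?string {
    $url = trim($url);
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return null;
    }
    return $url;
}

// Unsafe: visitor-supplied values are concatenated into markup as-is,
// so stored markup is interpreted by every later visitor's browser.
function render_entry_unsafe(array $e): string {
    return "<div class=\"entry\"><b>{$e['name']}</b><p>{$e['message']}</p></div>";
}

// Hardened: every value is encoded at output time, for the context it lands in.
function render_entry(array $e): string {
    $name = h($e['name']);
    $url  = safe_url($e['homepage'] ?? '');
    if ($url !== null) {
        $name = '<a href="' . h($url) . '" rel="nofollow noopener">' . $name . '</a>';
    }
    return '<div class="entry"><b>' . $name . '</b><p>'
         . nl2br(h($e['message'])) . '</p></div>';
}

// Constructed sample row, as it might come back from the MySQL table.
$row = [
    'name'     => 'Visitor <b>one</b>',
    'homepage' => 'javascript:void(0)',
    'message'  => "Nice site!\n<script>/* stored markup */</script>",
];

// The hardened renderer emits the markup as inert text and omits the link.
echo render_entry($row), PHP_EOL;
```

Encoding at output time rather than at insert time keeps the stored data intact and lets each output format apply the encoding its own context requires.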


 

Copyright 2010, SecurityFocus