|
|
htmlGEAR guestGEAR CVE-2006-2808 Cross-Site Scripting Vulnerability
htmlGEAR guestGEAR is prone to a cross-site scripting vulnerability. Cross-site scripting (XSS) vulnerability in Lycos Tripod htmlGEAR guestGEAR (aka Guest Gear) allows remote attackers to inject arbitrary web script or HTML via a guestbook post containing a javascript URI in the SRC attribute of the BR element after an extra "iframe" tagname within that element, followed by a double ">", which might bypass cleansing operations. |
|
Privacy Statement |