Vulnerability Description
Cross-site scripting (XSS) vulnerability in Techno Dreams Guest Book allows remote attackers to inject arbitrary web script or HTML via certain comment fields in the "Sign Our GuestBook" page, probably the x_Comments parameter to guestbookadd.asp.
CVSS Score
4.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Techno Dreams | Techno Dreams Guest Book | All versions |
References
- http://colander.altervista.org/advisory/TDGuestBook.txt
- http://secunia.com/advisories/20403 (Vendor Advisory)
- http://www.securityfocus.com/bid/18210
- http://www.vupen.com/english/advisories/2006/2079
FAQ
What is CVE-2006-2837?
CVE-2006-2837 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in Techno Dreams Guest Book allows remote attackers to inject arbitrary web script or HTML via certain comment fields in the "Sign Our GuestBook" page, probabl...
How severe is CVE-2006-2837?
CVE-2006-2837 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-2837?
Check the references section above for vendor advisories and patch information. Affected products include: Techno Dreams Techno Dreams Guest Book.