source: https://www.securityfocus.com/bid/4513/info
xGB is guestbook software. It is written in PHP and will run on most Unix and Linux variants as well as Microsoft Windows operating systems.
xGB allows users to post images in guestbook entries by using special syntax to denote a link to an image. However, script code is not filtered from the image tags ([img][/img]) used by the guestbook. An attacker may cause script code to be executed by arbitrary web users who view the guestbook entries.

[img]javascript:alert('This Guestbook allows Cross Site Scripting');[/img]
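
One way to close the hole described above, shown as an added example rather than xGB's own code: escape the whole entry, then accept only http/https image URLs inside [img] tags. The function names `safe_img_url()` and `render_img_tags()` are hypothetical, the sample entries are constructed, and PHP 7.1 or later is assumed.

```php
<?php
// Added example, not xGB source. safe_img_url() and render_img_tags() are
// hypothetical names; sample entries below are constructed.

function safe_img_url(string $raw): ?string
{
    $url = trim($raw);
    // Reject control characters outright instead of guessing how a browser
    // would normalise them inside a URL.
    if ($url === '' || preg_match('/[\x00-\x1f\x7f]/', $url)) {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return null; // malformed, relative, or host-less (javascript:, data:)
    }
    // Allowlist of schemes an <img> legitimately needs.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    return $url;
}

function render_img_tags(string $entry): string
{
    // Escape the whole entry first so no user-supplied markup survives,
    // then convert the inert [img] markers into <img> elements.
    $escaped = htmlspecialchars($entry, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return preg_replace_callback(
        '#\[img\](.*?)\[/img\]#is',
        function (array $m): string {
            $url = safe_img_url(htmlspecialchars_decode($m[1], ENT_QUOTES));
            if ($url === null) {
                return '[image removed]';
            }
            return '<img src="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '" alt="">';
        },
        $escaped
    );
}

$samples = [
    "[img]javascript:alert('This Guestbook allows Cross Site Scripting');[/img]",
    "Nice site! [img]https://example.test/cat.png[/img]",
];
foreach ($samples as $entry) {
    echo render_img_tags($entry), PHP_EOL;
}
```

The allowlist is the important part: filtering for the word "javascript" would miss other script-capable schemes, while requiring an http or https scheme with a host rejects them all by default.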