Vulnerabilites related to matt_wright - matt_wright_guestbook
cve-2006-1697
Vulnerability from cvelistv5
Published
2006-04-11 10:00
Modified
2024-08-07 17:19
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) Your Name, (2) E-Mail, or (3) Comments fields when posting a message.
References
http://www.securityfocus.com/bid/17438vdb-entry, x_refsource_BID
http://www.osvdb.org/24479vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/19586third-party-advisory, x_refsource_SECUNIA
http://liz0zim.no-ip.org/mattguestbook.htmlx_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/25697vdb-entry, x_refsource_XF
http://www.vupen.com/english/advisories/2006/1287vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/archive/1/430356/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://securityreason.com/securityalert/681third-party-advisory, x_refsource_SREASON
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T17:19:49.474Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "17438",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/17438",
               },
               {
                  name: "24479",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://www.osvdb.org/24479",
               },
               {
                  name: "19586",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/19586",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://liz0zim.no-ip.org/mattguestbook.html",
               },
               {
                  name: "guestbook-guestbook-parameters-xss(25697)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25697",
               },
               {
                  name: "ADV-2006-1287",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2006/1287",
               },
               {
                  name: "20060408 Matt Wright Guestbook Xss Script İnjection",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/430356/100/0/threaded",
               },
               {
                  name: "681",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SREASON",
                     "x_transferred",
                  ],
                  url: "http://securityreason.com/securityalert/681",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2006-04-08T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) Your Name, (2) E-Mail, or (3) Comments fields when posting a message.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-18T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "17438",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/17438",
            },
            {
               name: "24479",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://www.osvdb.org/24479",
            },
            {
               name: "19586",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/19586",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://liz0zim.no-ip.org/mattguestbook.html",
            },
            {
               name: "guestbook-guestbook-parameters-xss(25697)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25697",
            },
            {
               name: "ADV-2006-1287",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2006/1287",
            },
            {
               name: "20060408 Matt Wright Guestbook Xss Script İnjection",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/430356/100/0/threaded",
            },
            {
               name: "681",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SREASON",
               ],
               url: "http://securityreason.com/securityalert/681",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2006-1697",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) Your Name, (2) E-Mail, or (3) Comments fields when posting a message.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "17438",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/17438",
                  },
                  {
                     name: "24479",
                     refsource: "OSVDB",
                     url: "http://www.osvdb.org/24479",
                  },
                  {
                     name: "19586",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/19586",
                  },
                  {
                     name: "http://liz0zim.no-ip.org/mattguestbook.html",
                     refsource: "MISC",
                     url: "http://liz0zim.no-ip.org/mattguestbook.html",
                  },
                  {
                     name: "guestbook-guestbook-parameters-xss(25697)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25697",
                  },
                  {
                     name: "ADV-2006-1287",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2006/1287",
                  },
                  {
                     name: "20060408 Matt Wright Guestbook Xss Script İnjection",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/430356/100/0/threaded",
                  },
                  {
                     name: "681",
                     refsource: "SREASON",
                     url: "http://securityreason.com/securityalert/681",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2006-1697",
      datePublished: "2006-04-11T10:00:00",
      dateReserved: "2006-04-10T00:00:00",
      dateUpdated: "2024-08-07T17:19:49.474Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2006-1698
Vulnerability from cvelistv5
Published
2006-04-11 10:00
Modified
2024-08-07 17:19
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) url, (2) city, (3) state, or (4) country parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it is likely that they are the result of post-disclosure analysis.
References
http://secunia.com/advisories/19586third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/25697vdb-entry, x_refsource_XF
http://www.vupen.com/english/advisories/2006/1287vdb-entry, x_refsource_VUPEN
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T17:19:49.401Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "19586",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/19586",
               },
               {
                  name: "guestbook-guestbook-parameters-xss(25697)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25697",
               },
               {
                  name: "ADV-2006-1287",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2006/1287",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2006-04-08T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) url, (2) city, (3) state, or (4) country parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it is likely that they are the result of post-disclosure analysis.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-19T15:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "19586",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/19586",
            },
            {
               name: "guestbook-guestbook-parameters-xss(25697)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25697",
            },
            {
               name: "ADV-2006-1287",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2006/1287",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2006-1698",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) url, (2) city, (3) state, or (4) country parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it is likely that they are the result of post-disclosure analysis.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "19586",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/19586",
                  },
                  {
                     name: "guestbook-guestbook-parameters-xss(25697)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25697",
                  },
                  {
                     name: "ADV-2006-1287",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2006/1287",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2006-1698",
      datePublished: "2006-04-11T10:00:00",
      dateReserved: "2006-04-10T00:00:00",
      dateUpdated: "2024-08-07T17:19:49.401Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-1999-1053
Vulnerability from cvelistv5
Published
2001-09-12 04:00
Modified
2024-08-01 16:55
Severity ?
Summary
guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
References
http://www.securityfocus.com/archive/82/27296mailing-list, x_refsource_VULN-DEV
http://www.securityfocus.com/bid/776vdb-entry, x_refsource_BID
http://www.securityfocus.com/archive/1/33674mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/82/27560mailing-list, x_refsource_VULN-DEV
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-01T16:55:29.483Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "19990913 Guestbook perl script (long)",
                  tags: [
                     "mailing-list",
                     "x_refsource_VULN-DEV",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/82/27296",
               },
               {
                  name: "776",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/776",
               },
               {
                  name: "19991105 Guestbook.pl, sloppy SSI handling in Apache? (VD#2)",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/33674",
               },
               {
                  name: "19990916 Re: Guestbook perl script (error fix)",
                  tags: [
                     "mailing-list",
                     "x_refsource_VULN-DEV",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/82/27560",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "1999-11-05T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "guestbook.pl cleanses user-inserted SSI commands by removing text between \"<!--\" and \"-->\" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides \"-->\".",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2002-01-10T10:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "19990913 Guestbook perl script (long)",
               tags: [
                  "mailing-list",
                  "x_refsource_VULN-DEV",
               ],
               url: "http://www.securityfocus.com/archive/82/27296",
            },
            {
               name: "776",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/776",
            },
            {
               name: "19991105 Guestbook.pl, sloppy SSI handling in Apache? (VD#2)",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/33674",
            },
            {
               name: "19990916 Re: Guestbook perl script (error fix)",
               tags: [
                  "mailing-list",
                  "x_refsource_VULN-DEV",
               ],
               url: "http://www.securityfocus.com/archive/82/27560",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-1999-1053",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "guestbook.pl cleanses user-inserted SSI commands by removing text between \"<!--\" and \"-->\" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides \"-->\".",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "19990913 Guestbook perl script (long)",
                     refsource: "VULN-DEV",
                     url: "http://www.securityfocus.com/archive/82/27296",
                  },
                  {
                     name: "776",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/776",
                  },
                  {
                     name: "19991105 Guestbook.pl, sloppy SSI handling in Apache? (VD#2)",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/33674",
                  },
                  {
                     name: "19990916 Re: Guestbook perl script (error fix)",
                     refsource: "VULN-DEV",
                     url: "http://www.securityfocus.com/archive/82/27560",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-1999-1053",
      datePublished: "2001-09-12T04:00:00",
      dateReserved: "2001-08-31T00:00:00",
      dateUpdated: "2024-08-01T16:55:29.483Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

Vulnerability from fkie_nvd
Published
2006-04-11 10:02
Modified
2024-11-21 00:09
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) Your Name, (2) E-Mail, or (3) Comments fields when posting a message.
Impacted products
Vendor Product Version
matt_wright matt_wright_guestbook *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:matt_wright:matt_wright_guestbook:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C685C436-6F64-4EF5-ADEF-CE351A57E065",
                     versionEndIncluding: "2.3.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) Your Name, (2) E-Mail, or (3) Comments fields when posting a message.",
      },
   ],
   id: "CVE-2006-1697",
   lastModified: "2024-11-21T00:09:31.077",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2006-04-11T10:02:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://liz0zim.no-ip.org/mattguestbook.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/19586",
      },
      {
         source: "cve@mitre.org",
         url: "http://securityreason.com/securityalert/681",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.osvdb.org/24479",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/430356/100/0/threaded",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/17438",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.vupen.com/english/advisories/2006/1287",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25697",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://liz0zim.no-ip.org/mattguestbook.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/19586",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securityreason.com/securityalert/681",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.osvdb.org/24479",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/430356/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/17438",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2006/1287",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25697",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2006-04-11 10:02
Modified
2024-11-21 00:09
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) url, (2) city, (3) state, or (4) country parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it is likely that they are the result of post-disclosure analysis.
Impacted products
Vendor Product Version
matt_wright matt_wright_guestbook *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:matt_wright:matt_wright_guestbook:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C685C436-6F64-4EF5-ADEF-CE351A57E065",
                     versionEndIncluding: "2.3.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) url, (2) city, (3) state, or (4) country parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it is likely that they are the result of post-disclosure analysis.",
      },
   ],
   id: "CVE-2006-1698",
   lastModified: "2024-11-21T00:09:31.227",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2006-04-11T10:02:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/19586",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.vupen.com/english/advisories/2006/1287",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25697",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/19586",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2006/1287",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/25697",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
1999-09-13 04:00
Modified
2024-11-20 23:30
Severity ?
Summary
guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
Impacted products
Vendor Product Version
apache http_server 1.3.9
matt_wright matt_wright_guestbook 2.3



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "19C8989C-D8A6-4AE9-99B6-F2DAE5999EB6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:matt_wright:matt_wright_guestbook:2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "68093AEC-1493-486F-BD00-3E90A505E035",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "guestbook.pl cleanses user-inserted SSI commands by removing text between \"<!--\" and \"-->\" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides \"-->\".",
      },
   ],
   id: "CVE-1999-1053",
   lastModified: "2024-11-20T23:30:10.573",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "1999-09-13T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/archive/1/33674",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/archive/82/27296",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/archive/82/27560",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/776",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/archive/1/33674",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/archive/82/27296",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/archive/82/27560",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/776",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}