CVE-2006-2837
Summary
| CVE | CVE-2006-2837 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2006-06-06 20:06:00 UTC |
| Updated | 2011-03-08 02:37:00 UTC |
| Description | Cross-site scripting (XSS) vulnerability in Techno Dreams Guest Book allows remote attackers to inject arbitrary web script or HTML via certain comment fields in the "Sign Our GuestBook" page, probably the x_Comments parameter to guestbookadd.asp. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Techno Dreams | Techno Dreams Guest Book | All | All | All | All |
| Application | Techno Dreams | Techno Dreams Guest Book | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| Techno Dreams Guest Book "Comments" Script Insertion - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| colander.altervista.org/advisory/TDGuestBook.txt | MISC | colander.altervista.org | |
| Techno Dreams Guest Book Comment Field HTML Injection Vulnerability | BID | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.