Toms Gästebuch Multiple Cross-Site Scripting Vulnerabilities

Bugtraq ID:	25507
Class:	Input Validation Error
CVE:	CVE-2007-4711
Remote:	Yes
Local:	No
Published:	Sep 07 2007 12:00AM
Updated:	May 07 2015 05:35PM
Credit:	[email protected] is credited with discovering these issues.
Vulnerable:	Toms-Seiten.at Toms Gastebuch 1.00
Not Vulnerable:	Toms-Seiten.at Toms Gastebuch 1.01

Toms Gästebuch Multiple Cross-Site Scripting Vulnerabilities

Toms Gästebuch is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Toms Gästebuch versions prior to 1.01 are vulnerable.

Toms Gästebuch Multiple Cross-Site Scripting Vulnerabilities

An attacker can exploit these issues by enticing an unsuspecting user to follow a malicious URI.

The following example URIs are available:

http://www.example.com/form.php?action=show&homepage=[XSS]&mail=[XSS]&name=[XSS]
http://www.example.com/admin/header.php?language=[XSS]&anzeigebreite=[XSS]
http://www.example.com/install.php?msg=[XSS]

Toms Gästebuch Multiple Cross-Site Scripting Vulnerabilities

Solution:
The vendor released an update to address this issue. Please see the references for more information.


Toms-Seiten.at Toms Gastebuch 1.00

• Toms-Seiten.at guest1001.zip
  http://www.toms-seiten.at/iv_downloads/agb.php?dl_id=3&language=de&dl_ header=Download:%A0Toms%20G%E4stebuch%A01.01&jumpfrom=

Toms Gästebuch Multiple Cross-Site Scripting Vulnerabilities

References:

• Toms Gästebuch Download Page (Toms-Seiten.at)
  
• Toms Gästebuch 1.00 - XSS ([email protected])