AN Guestbook Unspecified Cross-Site Scripting Vulnerabilities

Bugtraq ID:	30830
Class:	Input Validation Error
CVE:	CVE-2008-3847
Remote:	Yes
Local:	No
Published:	Aug 25 2008 12:00AM
Updated:	May 07 2015 05:24PM
Credit:	These issues were reported by the vendor.
Vulnerable:	AN Guestbook AN Guestbook 0.7.5 AN Guestbook AN Guestbook 0.7 AN Guestbook AN Guestbook 0.4
Not Vulnerable:	AN Guestbook AN Guestbook 0.7.6

AN Guestbook Unspecified Cross-Site Scripting Vulnerabilities

AN Guestbook is prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to AN Guestbook 0.7.6 are vulnerable.

AN Guestbook Unspecified Cross-Site Scripting Vulnerabilities

An attacker can exploit these issues by enticing an unsuspecting victim to follow malicious URIs.

AN Guestbook Unspecified Cross-Site Scripting Vulnerabilities

Solution:
The vendor has released an update. Please see the references for more information.


AN Guestbook AN Guestbook 0.4

• AN Guestbook ang_0_7_6.zip
  http://downloads.sourceforge.net/aguestbook/ang_0_7_6.zip?modtime=1219 698770&big_mirror=0

AN Guestbook AN Guestbook 0.7

• AN Guestbook ang_0_7_6.zip
  http://downloads.sourceforge.net/aguestbook/ang_0_7_6.zip?modtime=1219 698770&big_mirror=0

AN Guestbook AN Guestbook 0.7.5

• AN Guestbook ang_0_7_6.zip
  http://downloads.sourceforge.net/aguestbook/ang_0_7_6.zip?modtime=1219 698770&big_mirror=0

AN Guestbook Unspecified Cross-Site Scripting Vulnerabilities

References:

• AN Guestbook Homepage (AN Guestbook)
  
• Version 0.7.6 released (AN Guestbook)