Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for matt_wright_guestbook by matt_wright

    CVE-2006-1697 (GCVE-0-2006-1697)

    Vulnerability from nvd – Published: 2006-04-11 10:00 – Updated: 2024-08-07 17:19
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) Your Name, (2) E-Mail, or (3) Comments fields when posting a message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/17438 vdb-entryx_refsource_BID
    http://www.osvdb.org/24479 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/19586 third-party-advisoryx_refsource_SECUNIA
    http://liz0zim.no-ip.org/mattguestbook.html x_refsource_MISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2006/1287 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/archive/1/430356/100… mailing-listx_refsource_BUGTRAQ
    http://securityreason.com/securityalert/681 third-party-advisoryx_refsource_SREASON
    Date Public
    2006-04-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:19:49.474Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "17438",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/17438"
              },
              {
                "name": "24479",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/24479"
              },
              {
                "name": "19586",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19586"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://liz0zim.no-ip.org/mattguestbook.html"
              },
              {
                "name": "guestbook-guestbook-parameters-xss(25697)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25697"
              },
              {
                "name": "ADV-2006-1287",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/1287"
              },
              {
                "name": "20060408 Matt Wright Guestbook Xss Script \u0026#304;njection",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/430356/100/0/threaded"
              },
              {
                "name": "681",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/681"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-04-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) Your Name, (2) E-Mail, or (3) Comments fields when posting a message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "17438",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/17438"
            },
            {
              "name": "24479",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/24479"
            },
            {
              "name": "19586",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19586"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://liz0zim.no-ip.org/mattguestbook.html"
            },
            {
              "name": "guestbook-guestbook-parameters-xss(25697)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25697"
            },
            {
              "name": "ADV-2006-1287",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/1287"
            },
            {
              "name": "20060408 Matt Wright Guestbook Xss Script \u0026#304;njection",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/430356/100/0/threaded"
            },
            {
              "name": "681",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/681"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-1697",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) Your Name, (2) E-Mail, or (3) Comments fields when posting a message."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "17438",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/17438"
                },
                {
                  "name": "24479",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/24479"
                },
                {
                  "name": "19586",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19586"
                },
                {
                  "name": "http://liz0zim.no-ip.org/mattguestbook.html",
                  "refsource": "MISC",
                  "url": "http://liz0zim.no-ip.org/mattguestbook.html"
                },
                {
                  "name": "guestbook-guestbook-parameters-xss(25697)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25697"
                },
                {
                  "name": "ADV-2006-1287",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/1287"
                },
                {
                  "name": "20060408 Matt Wright Guestbook Xss Script \u0026#304;njection",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/430356/100/0/threaded"
                },
                {
                  "name": "681",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/681"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-1697",
        "datePublished": "2006-04-11T10:00:00.000Z",
        "dateReserved": "2006-04-10T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:19:49.474Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-1698 (GCVE-0-2006-1698)

    Vulnerability from nvd – Published: 2006-04-11 10:00 – Updated: 2024-08-07 17:19
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) url, (2) city, (3) state, or (4) country parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it is likely that they are the result of post-disclosure analysis.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/19586 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2006/1287 vdb-entryx_refsource_VUPEN
    Date Public
    2006-04-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:19:49.401Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "19586",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19586"
              },
              {
                "name": "guestbook-guestbook-parameters-xss(25697)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25697"
              },
              {
                "name": "ADV-2006-1287",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/1287"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-04-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) url, (2) city, (3) state, or (4) country parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it is likely that they are the result of post-disclosure analysis."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "19586",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19586"
            },
            {
              "name": "guestbook-guestbook-parameters-xss(25697)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25697"
            },
            {
              "name": "ADV-2006-1287",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/1287"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-1698",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) url, (2) city, (3) state, or (4) country parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it is likely that they are the result of post-disclosure analysis."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "19586",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19586"
                },
                {
                  "name": "guestbook-guestbook-parameters-xss(25697)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25697"
                },
                {
                  "name": "ADV-2006-1287",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/1287"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-1698",
        "datePublished": "2006-04-11T10:00:00.000Z",
        "dateReserved": "2006-04-10T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:19:49.401Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-1999-1053 (GCVE-0-1999-1053)

    Vulnerability from nvd – Published: 2001-09-12 04:00 – Updated: 2024-08-01 16:55
    VLAI
    Summary
    guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/82/27296 mailing-listx_refsource_VULN-DEV
    http://www.securityfocus.com/bid/776 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/33674 mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/82/27560 mailing-listx_refsource_VULN-DEV
    Date Public
    1999-11-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T16:55:29.483Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "19990913 Guestbook perl script (long)",
                "tags": [
                  "mailing-list",
                  "x_refsource_VULN-DEV",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/82/27296"
              },
              {
                "name": "776",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/776"
              },
              {
                "name": "19991105 Guestbook.pl, sloppy SSI handling in Apache? (VD#2)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/33674"
              },
              {
                "name": "19990916 Re: Guestbook perl script (error fix)",
                "tags": [
                  "mailing-list",
                  "x_refsource_VULN-DEV",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/82/27560"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "1999-11-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "guestbook.pl cleanses user-inserted SSI commands by removing text between \"\u003c!--\" and \"--\u003e\" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides \"--\u003e\"."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2002-01-10T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "19990913 Guestbook perl script (long)",
              "tags": [
                "mailing-list",
                "x_refsource_VULN-DEV"
              ],
              "url": "http://www.securityfocus.com/archive/82/27296"
            },
            {
              "name": "776",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/776"
            },
            {
              "name": "19991105 Guestbook.pl, sloppy SSI handling in Apache? (VD#2)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/33674"
            },
            {
              "name": "19990916 Re: Guestbook perl script (error fix)",
              "tags": [
                "mailing-list",
                "x_refsource_VULN-DEV"
              ],
              "url": "http://www.securityfocus.com/archive/82/27560"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-1999-1053",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "guestbook.pl cleanses user-inserted SSI commands by removing text between \"\u003c!--\" and \"--\u003e\" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides \"--\u003e\"."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "19990913 Guestbook perl script (long)",
                  "refsource": "VULN-DEV",
                  "url": "http://www.securityfocus.com/archive/82/27296"
                },
                {
                  "name": "776",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/776"
                },
                {
                  "name": "19991105 Guestbook.pl, sloppy SSI handling in Apache? (VD#2)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/33674"
                },
                {
                  "name": "19990916 Re: Guestbook perl script (error fix)",
                  "refsource": "VULN-DEV",
                  "url": "http://www.securityfocus.com/archive/82/27560"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-1999-1053",
        "datePublished": "2001-09-12T04:00:00.000Z",
        "dateReserved": "2001-08-31T00:00:00.000Z",
        "dateUpdated": "2024-08-01T16:55:29.483Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-1697 (GCVE-0-2006-1697)

    Vulnerability from cvelistv5 – Published: 2006-04-11 10:00 – Updated: 2024-08-07 17:19
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) Your Name, (2) E-Mail, or (3) Comments fields when posting a message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/17438 vdb-entryx_refsource_BID
    http://www.osvdb.org/24479 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/19586 third-party-advisoryx_refsource_SECUNIA
    http://liz0zim.no-ip.org/mattguestbook.html x_refsource_MISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2006/1287 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/archive/1/430356/100… mailing-listx_refsource_BUGTRAQ
    http://securityreason.com/securityalert/681 third-party-advisoryx_refsource_SREASON
    Date Public
    2006-04-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:19:49.474Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "17438",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/17438"
              },
              {
                "name": "24479",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/24479"
              },
              {
                "name": "19586",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19586"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://liz0zim.no-ip.org/mattguestbook.html"
              },
              {
                "name": "guestbook-guestbook-parameters-xss(25697)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25697"
              },
              {
                "name": "ADV-2006-1287",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/1287"
              },
              {
                "name": "20060408 Matt Wright Guestbook Xss Script \u0026#304;njection",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/430356/100/0/threaded"
              },
              {
                "name": "681",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/681"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-04-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) Your Name, (2) E-Mail, or (3) Comments fields when posting a message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "17438",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/17438"
            },
            {
              "name": "24479",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/24479"
            },
            {
              "name": "19586",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19586"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://liz0zim.no-ip.org/mattguestbook.html"
            },
            {
              "name": "guestbook-guestbook-parameters-xss(25697)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25697"
            },
            {
              "name": "ADV-2006-1287",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/1287"
            },
            {
              "name": "20060408 Matt Wright Guestbook Xss Script \u0026#304;njection",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/430356/100/0/threaded"
            },
            {
              "name": "681",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/681"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-1697",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) Your Name, (2) E-Mail, or (3) Comments fields when posting a message."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "17438",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/17438"
                },
                {
                  "name": "24479",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/24479"
                },
                {
                  "name": "19586",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19586"
                },
                {
                  "name": "http://liz0zim.no-ip.org/mattguestbook.html",
                  "refsource": "MISC",
                  "url": "http://liz0zim.no-ip.org/mattguestbook.html"
                },
                {
                  "name": "guestbook-guestbook-parameters-xss(25697)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25697"
                },
                {
                  "name": "ADV-2006-1287",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/1287"
                },
                {
                  "name": "20060408 Matt Wright Guestbook Xss Script \u0026#304;njection",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/430356/100/0/threaded"
                },
                {
                  "name": "681",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/681"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-1697",
        "datePublished": "2006-04-11T10:00:00.000Z",
        "dateReserved": "2006-04-10T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:19:49.474Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-1698 (GCVE-0-2006-1698)

    Vulnerability from cvelistv5 – Published: 2006-04-11 10:00 – Updated: 2024-08-07 17:19
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) url, (2) city, (3) state, or (4) country parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it is likely that they are the result of post-disclosure analysis.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/19586 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2006/1287 vdb-entryx_refsource_VUPEN
    Date Public
    2006-04-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:19:49.401Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "19586",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19586"
              },
              {
                "name": "guestbook-guestbook-parameters-xss(25697)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25697"
              },
              {
                "name": "ADV-2006-1287",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/1287"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-04-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) url, (2) city, (3) state, or (4) country parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it is likely that they are the result of post-disclosure analysis."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "19586",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19586"
            },
            {
              "name": "guestbook-guestbook-parameters-xss(25697)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25697"
            },
            {
              "name": "ADV-2006-1287",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/1287"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-1698",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) url, (2) city, (3) state, or (4) country parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it is likely that they are the result of post-disclosure analysis."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "19586",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19586"
                },
                {
                  "name": "guestbook-guestbook-parameters-xss(25697)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25697"
                },
                {
                  "name": "ADV-2006-1287",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/1287"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-1698",
        "datePublished": "2006-04-11T10:00:00.000Z",
        "dateReserved": "2006-04-10T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:19:49.401Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-1999-1053 (GCVE-0-1999-1053)

    Vulnerability from cvelistv5 – Published: 2001-09-12 04:00 – Updated: 2024-08-01 16:55
    VLAI
    Summary
    guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/82/27296 mailing-listx_refsource_VULN-DEV
    http://www.securityfocus.com/bid/776 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/33674 mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/82/27560 mailing-listx_refsource_VULN-DEV
    Date Public
    1999-11-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T16:55:29.483Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "19990913 Guestbook perl script (long)",
                "tags": [
                  "mailing-list",
                  "x_refsource_VULN-DEV",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/82/27296"
              },
              {
                "name": "776",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/776"
              },
              {
                "name": "19991105 Guestbook.pl, sloppy SSI handling in Apache? (VD#2)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/33674"
              },
              {
                "name": "19990916 Re: Guestbook perl script (error fix)",
                "tags": [
                  "mailing-list",
                  "x_refsource_VULN-DEV",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/82/27560"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "1999-11-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "guestbook.pl cleanses user-inserted SSI commands by removing text between \"\u003c!--\" and \"--\u003e\" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides \"--\u003e\"."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2002-01-10T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "19990913 Guestbook perl script (long)",
              "tags": [
                "mailing-list",
                "x_refsource_VULN-DEV"
              ],
              "url": "http://www.securityfocus.com/archive/82/27296"
            },
            {
              "name": "776",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/776"
            },
            {
              "name": "19991105 Guestbook.pl, sloppy SSI handling in Apache? (VD#2)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/33674"
            },
            {
              "name": "19990916 Re: Guestbook perl script (error fix)",
              "tags": [
                "mailing-list",
                "x_refsource_VULN-DEV"
              ],
              "url": "http://www.securityfocus.com/archive/82/27560"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-1999-1053",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "guestbook.pl cleanses user-inserted SSI commands by removing text between \"\u003c!--\" and \"--\u003e\" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides \"--\u003e\"."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "19990913 Guestbook perl script (long)",
                  "refsource": "VULN-DEV",
                  "url": "http://www.securityfocus.com/archive/82/27296"
                },
                {
                  "name": "776",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/776"
                },
                {
                  "name": "19991105 Guestbook.pl, sloppy SSI handling in Apache? (VD#2)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/33674"
                },
                {
                  "name": "19990916 Re: Guestbook perl script (error fix)",
                  "refsource": "VULN-DEV",
                  "url": "http://www.securityfocus.com/archive/82/27560"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-1999-1053",
        "datePublished": "2001-09-12T04:00:00.000Z",
        "dateReserved": "2001-08-31T00:00:00.000Z",
        "dateUpdated": "2024-08-01T16:55:29.483Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }