CVE-2006-3616
Multiple cross-site scripting (XSS) vulnerabilities in Carbonize Lazarus Guestbook 1.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the show parameter in codes-english.php and (2) the img parameter in picture.php, after the name of an existing file.
Affected products
n/a · n/a
Public PoCs found — 2
exploitdb: www.exploit-db.com/exploits/28211 (unverified)
exploitdb: www.exploit-db.com/exploits/28212 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://secunia.com/advisories/21034
http://securitytracker.com/id?1016486
https://exchange.xforce.ibmcloud.com/vulnerabilities/27714
https://exchange.xforce.ibmcloud.com/vulnerabilities/27716
http://www.osvdb.org/27089
http://www.osvdb.org/27090
http://www.securityfocus.com/archive/1/439904/100/0/threaded
http://www.securityfocus.com/bid/18956
http://www.vupen.com/english/advisories/2006/2784