← back
CVE-2021-47950

Advanced Guestbook 2.4.4 Persistent XSS via Smilies

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79
Advanced Guestbook 2.4.4 contains a persistent cross-site scripting vulnerability in the smilies administration interface that allows authenticated attackers to inject malicious scripts by manipulating the s_emotion parameter. Attackers can submit POST requests to admin.php with JavaScript code in the s_emotion field, which executes when administrators view the smilies tab.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Affected products
Ampps · Advanced Guestbook
public PoCs found1
cve_referencewww.exploit-db.com/exploits/49875unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.ampps.com/apps/guestbooks/Advanced_Guestbookhttps://www.exploit-db.com/exploits/49875https://www.vulncheck.com/advisories/advanced-guestbook-persistent-xss-via-smilies