Ocean12 Guestbook XSS

This script is Copyright (C) 2003-2012 Tenable Network Security, Inc.


Synopsis :

The remote web server has an application that is affected by
a cross-site scripting vulnerability.

Description :

The remote server is running Ocean12 GuestBook, a set of scripts
to manage an interactive guestbook.

An attacker may use this module to inject malicious HTML code in your
site, which may be used to steal users' cookies or to simply annoy
them.

Solution :

Disable this software.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:H/RL:U/RC:ND)
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 11537 ()

Bugtraq ID: 7329

CVE ID: