CVE-2006-3617
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
18/07/2006
Last modified:
03/04/2025
Description
Cross-site scripting (XSS) vulnerability in pblguestbook.php in Pixelated By Lev (PBL) Guestbook 1.32 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) message (aka comments), (3) website, and (4) email parameters, which bypasses XSS protection mechanisms that check for SCRIPT tags but not others, as demonstrated by a javascript URI in an onMouseOver attribute and the src attribute in an iframe tag. NOTE: some vectors might overlap CVE-2006-2975, although the use of alternate manipulations makes it unclear.
Impact
Base Score 2.0
5.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:pixelated_by_lev:pixelated_by_lev_guestbook:1.32:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.neosecurityteam.net/index.php?action=advisories&id=23
- http://www.securityfocus.com/archive/1/439486/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27006
- http://www.neosecurityteam.net/index.php?action=advisories&id=23
- http://www.securityfocus.com/archive/1/439486/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27006