New eVuln Advisory: Multiple XSS in MCG GuestBook Summary: http://evuln.com/vulns/144/summary.html Details: http://evuln.com/vulns/144/description.html -----------Summary----------- eVuln ID: EV0144 Software: MCG GuestBook Vendor: Mrcgiguy Version: 1.0 Critical Level: low Type: Cross Site Scripting Status: Unpatched. No reply from developer(s) PoC: Available Solution: Not available Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ ) --------Description-------- All vulnerabilities found in gb.cgi script. It doesn't have proper XSS sanitation filters. XSS vulnerable parameters: * name * email * website * message All these parameters are not sanitized. This can be used to insert any html or script code. Admin panel is vulnerable also --------PoC/Exploit-------- XSS poc code All form parameters dont pass any XSS sanitation filters. XSS Examples. Parameter "name": Parameter "email": " Parameter "website": " Parameter "message": ---------Solution---------- Not available ----------Credit----------- Vulnerability discovered by Aliaksandr Hartsuyeu http://evuln.com/tool/php-security.html - online php source analyzer.