CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2011-5026

Cross-site scripting (XSS) vulnerability in the addPost function in data/functions.php in Winn GuestBook before 2.4.8d allows remote attackers to inject arbitrary web script or HTML via the name parameter to index.php. NOTE: some of these details are obtained from third party information.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 67.7%

CVSS Severity

CVSS v2 Score 4.3

References

Products affected by CVE-2011-5026

Winn » Winn Guestbook » Version: Any

cpe:2.3:a:winn:winn_guestbook:*
Winn » Winn Guestbook » Version: 2.4.1

cpe:2.3:a:winn:winn_guestbook:2.4.1
Winn » Winn Guestbook » Version: 2.4.2

cpe:2.3:a:winn:winn_guestbook:2.4.2
Winn » Winn Guestbook » Version: 2.4.3

cpe:2.3:a:winn:winn_guestbook:2.4.3
Winn » Winn Guestbook » Version: 2.4.4

cpe:2.3:a:winn:winn_guestbook:2.4.4
Winn » Winn Guestbook » Version: 2.4.5

cpe:2.3:a:winn:winn_guestbook:2.4.5
Winn » Winn Guestbook » Version: 2.4.6

cpe:2.3:a:winn:winn_guestbook:2.4.6
Winn » Winn Guestbook » Version: 2.4.7

cpe:2.3:a:winn:winn_guestbook:2.4.7
Winn » Winn Guestbook » Version: 2.4.8b

cpe:2.3:a:winn:winn_guestbook:2.4.8b

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2011-5026

Products

Pricing

Contact Us