Martin Bauer: >> Gbook >> 1.4 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in GBook for Php-Nuke 1.0 allows remote attackers to inject arbitrary web script or HTML via multiple parameters, including (1) name, (2) email, (3) city, and (4) message, which do not use the <script> and <style> tags, which are filtered by PHP-Nuke.
CVSS Score
4.3
EPSS Score
0.004
Published
2004-12-31
Cross-site scripting (XSS) vulnerability in GBook for PHP-Nuke 1.0 allows remote attackers to inject arbitrary web script or HTML via cookies that are stored in the $_COOKIE PHP variable, which is not cleansed by PHP-Nuke.
CVSS Score
4.3
EPSS Score
0.004
Published
2004-12-31
index.php in gBook 1.4 allows remote attackers to bypass authentication and gain administrative privileges by setting the login parameter to true.
CVSS Score
10.0
EPSS Score
0.038
Published
2003-03-31