Vulnerabilities (CVE)

Filtered by vendor Syguestbook A5 Project
Filtered by product Syguestbook A5
Total 3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2019-13948 | 1 Syguestbook A5 Project | 1 Syguestbook A5 | 2019-07-18 | 3.5 LOW | 5.4 MEDIUM | SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG element. |
| CVE-2019-13949 | 1 Syguestbook A5 Project | 1 Syguestbook A5 | 2019-07-18 | 6.8 MEDIUM | 8.8 HIGH | SyGuestBook A5 Version 1.2 has no CSRF protection mechanism, as demonstrated by CSRF for an index.php?c=Administrator&a=update admin password change. |
| CVE-2019-13950 | 1 Syguestbook A5 Project | 1 Syguestbook A5 | 2019-07-18 | 3.5 LOW | 5.4 MEDIUM | index.php?c=admin&a=index in SyGuestBook A5 Version 1.2 has stored XSS via a reply to a comment. |