Description
Multiple vulnerabilities have been identified in Guestbox, which could be exploited by attackers to bypass security restrictions, execute arbitrary scripting code, and gain knowledge of sensitive information.
The first flaw is due to an input validation error in the "guestbox.php" script that does not properly validate the "url" variable, which could be exploited by attackers to cause malicious scripting code to be executed by the user's browser.
The second vulnerability is due to an access validation error in the "comment" module when processing the "text" parameter, which could be exploited by remote attackers to post arbitrary comments without being authenticated as an administrator.
The third issue is due to a design error where users' IP addresses are stored in the publicly accessible "gb/gblog" file, which could be exploited by attackers to disclose sensitive information.
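
The first flaw comes down to a user-supplied "url" value reaching the page without validation or output encoding. The PHP below is an added example, not Guestbox code and not part of the advisory, showing one way to handle such a field: accept only http/https URLs on input and HTML-encode on output. The function names `gb_clean_url` and `gb_render_link` are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added example: hypothetical helpers, not taken from Guestbox.

/** Return the URL if it is an acceptable http(s) link, otherwise null. */
function gb_clean_url(string $raw): ?string
{
    $raw = trim($raw);
    if ($raw === '' || strlen($raw) > 2048) {
        return null;
    }
    // Control characters and whitespace inside a URL are rejected outright;
    // browsers may strip them before resolving the scheme.
    if (preg_match('/[\x00-\x20\x7f]/', $raw)) {
        return null;
    }
    $parts = parse_url($raw);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return null;
    }
    // Scheme allowlist: anything other than http/https is refused.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    return $raw;
}

/** Render the visitor's name, linked only when a validated URL is present. */
function gb_render_link(?string $url, string $name): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    $safeName = htmlspecialchars($name, $flags, 'UTF-8');
    if ($url === null) {
        return $safeName;
    }
    // Validation does not replace encoding: a valid URL can still carry
    // quotes or angle brackets in its path or query string.
    $safeUrl = htmlspecialchars($url, $flags, 'UTF-8');
    return '<a href="' . $safeUrl . '" rel="nofollow noopener">' . $safeName . '</a>';
}

// Constructed sample inputs: a normal link, a non-http scheme, and a
// syntactically valid URL containing HTML metacharacters.
$samples = ['https://example.com/', 'javascript:void(0)', 'https://example.com/"><b>x'];
foreach ($samples as $raw) {
    echo gb_render_link(gb_clean_url($raw), 'Visitor <1>'), PHP_EOL;
}
```

The third sample passes validation but is rendered with its quote and angle brackets encoded, which is why both steps are needed.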