CVSS: 5.3EPSS: 3%CPEs: 1EXPL: 4CVE-2003-1535 – Justice Guestbook 1.3 - Full Path Disclosure
https://notcve.org/view.php?id=CVE-2003-1535
31 Dec 2003 — Justice Guestbook 1.3 allows remote attackers to obtain the full installation path via a direct request to cfooter.php3, which leaks the path in an error message. • https://www.exploit-db.com/exploits/22444 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2003-1534
https://notcve.org/view.php?id=CVE-2003-1534
31 Dec 2003 — Cross-site scripting (XSS) vulnerability in jgb.php3 in Justice Guestbook 1.3 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) homepage, (3) aim, (4) yim, (5) location, and (6) comment variables. • http://secunia.com/advisories/8475 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •