CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2009-2440 – JNM Guestbook 3.0 - 'index.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-2440
13 Jul 2009 — Cross-site scripting (XSS) vulnerability in index.php in JNM Guestbook 3.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en index.php en JNM Guestbook 3.0 permite a atacantes remotos inyectar HTML o scripts web arbitrarios a través del parámetro page. • https://www.exploit-db.com/exploits/34806 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 2CVE-2008-3320 – Maian Guestbook 3.2 - Insecure Cookie Handling
https://notcve.org/view.php?id=CVE-2008-3320
25 Jul 2008 — admin/index.php in Maian Guestbook 3.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary gbook_cookie cookie. admin/index.php de Maian Guestbook 3.2 y anteriores permite a atacantes remotos evitar la autenticación y obtener acceso como administrador enviando una cookie gbook_cookie de su elección. • https://www.exploit-db.com/exploits/6061 • CWE-287: Improper Authentication •