Stored XSS vulnerability in SyGuestBook A5 Version 1.2

CVE-2019-13948 · LOW Severity

AV:N/AC:M/Au:S/C:N/I:P/A:N

SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG element.
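The class of failure described above, as an added example that is not SyGuestBook's code: the advisory does not show the body of isValidData, so `naiveIsValid` is a hypothetical stand-in for an input filter that misses event-handler attributes, and `renderEntry` is a hypothetical render function showing the output-encoding fix. The stored value is a constructed sample.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a blocklist-style input check. It only looks for
// <script tags, so markup that runs script through an attribute passes.
// This is NOT the body of SyGuestBook's isValidData().
function naiveIsValid(string $input): bool
{
    return stripos($input, '<script') === false;
}

// Mitigation: encode every stored value for the HTML context at render time,
// regardless of what the input check decided when the entry was saved.
function renderEntry(string $author, string $message): string
{
    $enc = static fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');

    // nl2br() runs after encoding, so the only markup it adds is <br>.
    return '<div class="entry"><b>' . $enc($author) . '</b><p>'
        . nl2br($enc($message)) . '</p></div>';
}

// Constructed guestbook entry of the kind the advisory names
// (IMG element with an onerror attribute, benign handler).
$stored = '<img src=x onerror=alert(1)>';

// The blocklist check accepts the entry because it contains no <script tag.
echo 'accepted by blocklist check: ', var_export(naiveIsValid($stored), true), PHP_EOL;

// Unsafe rendering would echo $stored as-is; the encoded rendering turns the
// angle brackets into entities, so the browser shows text instead of an element.
echo renderEntry('guest', $stored), PHP_EOL;
```

Encoding at output covers entries that were stored before any filter was tightened, which an input-side fix alone does not.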
