Stored XSS vulnerability in SyGuestBook A5 Version 1.2
CVE-2019-13948 · LOW Severity
CVSS v2 vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG element.
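The failure mode described above, as an added example that is not SyGuestBook's code: a blocklist-style input check accepts an IMG element carrying an event-handler attribute, while encoding at output time neutralises it. The function names `naive_is_valid_data`, `render_entry_unsafe` and `render_entry_safe` are hypothetical, and the blocklist contents are assumed for illustration, not taken from include/functions.php.

```php
<?php
// Added example; NOT the project's isValidData(). All names are hypothetical.

// Blocklist-style check: rejects only a few known-bad substrings (assumed list).
function naive_is_valid_data(string $input): bool
{
    foreach (['<script', 'javascript:'] as $bad) {
        if (stripos($input, $bad) !== false) {
            return false;
        }
    }
    return true; // anything not on the list is treated as safe
}

// Weak pattern: stored text is placed into the page verbatim.
function render_entry_unsafe(string $message): string
{
    return '<div class="entry">' . $message . '</div>';
}

// Corrected pattern: encode for the HTML context when rendering, so stored
// markup is displayed as text whatever the input check let through.
function render_entry_safe(string $message): string
{
    return '<div class="entry">'
        . htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</div>';
}

// Constructed sample inputs; the last matches the class named in the advisory.
$samples = [
    'Nice site!',
    '<script>alert(1)</script>',
    '<img src=x onerror=alert(1)>',
];

foreach ($samples as $s) {
    printf("input:    %s\n", $s);
    printf("accepted: %s\n", naive_is_valid_data($s) ? 'yes' : 'no');
    printf("unsafe:   %s\n", render_entry_unsafe($s));
    printf("safe:     %s\n\n", render_entry_safe($s));
}
```

The third sample passes the blocklist and keeps its markup in the unsafe rendering; in the safe rendering it becomes `&lt;img src=x onerror=alert(1)&gt;` and is shown as text.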