Summary
The remote host is running the Episodex Guestbook, a guestbook written in ASP.
The remote version of this software contains an input validation flaw leading to the execution of attacker-supplied HTML and script code. In addition, an unauthenticated remote attacker can directly access administrator functions.
Solution
None at this time
Severity
Classification
- CVE: CVE-2005-1684
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
- Apache Tomcat Directory Listing and File disclosure
- Apache Solr XML External Entity(XXE) Vulnerability-01 Jan-14
- An Image Gallery Multiple Cross-Site Scripting Vulnerability
- Apache Tomcat Information Disclosure Vulnerability