Cross-site scripting (XSS) vulnerability in configure.asp in Script-Shed GuestBook 1.0 allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in (1) image, (2) img, (3) imageright, (4) imgright, (5) imageleft, and (6) imgleft tags.
Publication date: Tue, 31 Dec 2002 11:00:00 +0000