Jax Scripts Jax Guestbook vulnerabilities
4 known vulnerabilities affecting jax_scripts/jax_guestbook.
Total CVEs
4
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2009-4447P3HIGHCVSS 7.5PoCv3.5.02009-12-29
CVE-2009-4447 [HIGH] CWE-287 CVE-2009-4447: Jax Guestbook 3.5.0 allows remote attackers to bypass authentication and modify administrator settin
Jax Guestbook 3.5.0 allows remote attackers to bypass authentication and modify administrator settings via a direct request to admin/guestbook.admin.php.
nvd
CVE-2005-4880P4MEDIUMCVSS 5.0PoCv3.1v3.3.12009-03-31
CVE-2005-4880 [MEDIUM] CWE-264 CVE-2005-4880: Jax Guestbook 3.1 and 3.31 stores sensitive information under the web root with insufficient access
Jax Guestbook 3.1 and 3.31 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain IP addresses of users via a direct request to (1) guestbook, (2) guestbook_ips2block, (3) ips2block, and (4) formmailer/logfile.csv.
nvd
CVE-2006-1913P4MEDIUMCVSS 6.8PoC≤ 3.502006-04-20
CVE-2006-1913 [MEDIUM] CVE-2006-1913: Cross-site scripting (XSS) vulnerability in jax_guestbook.php in Jax Guestbook 3.1, 3.31, and 3.50 a
Cross-site scripting (XSS) vulnerability in jax_guestbook.php in Jax Guestbook 3.1, 3.31, and 3.50 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
nvd
CVE-2005-4879P4MEDIUMCVSS 4.3PoCv3.1v3.312009-03-31
CVE-2005-4879 [MEDIUM] CWE-79 CVE-2005-4879: Multiple cross-site scripting (XSS) vulnerabilities in jax_guestbook.php in Jax Guestbook 3.1 and 3.
Multiple cross-site scripting (XSS) vulnerabilities in jax_guestbook.php in Jax Guestbook 3.1 and 3.31 allow remote attackers to inject arbitrary web script or HTML via the (1) gmt_ofs and (2) language parameters. NOTE: the page parameter is already covered by CVE-2006-1913. NOTE: it was later reported that 3.50 is also affected.
nvd