-------------------------------------------------------------------
SySS-Advisory: XSS vulnerability in guestbook PHP script
-------------------------------------------------------------------

Problem discovered:  February 3rd 2006
Vendor contacted:    February 7th 2006
Advisory published:  February 13th 2006

AUTHOR: Micha Borrmann (borrmann@syss.de)
        SySS GmbH
        D-72070 Tuebingen / Germany

APPLICATION: gastbuch

AFFECTED VERSION: all < 1.3.3 (1.3.2 tested)

Remotely exploitable: Yes

SEVERITY: Medium

DESCRIPTION:
The guestbook software published on http://www.php4scripte.de/gast.php
allows HTML and JavaScript code to be injected via the "URL" field.

EXAMPLE:
http://www.site.com/""

VENDOR STATUS:
The vendor published a fixed version (1.3.3) on http://www.php4scripte.de
less than five hours after the problem was reported.
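The pattern behind this class of bug, as an added example that is not the gastbuch project's code: a guestbook "URL" field copied straight into an href attribute, next to a hardened version that restricts the scheme and escapes for the attribute context. Function names and sample inputs are constructed for the illustration.

```php
<?php
// Added example (not the gastbuch project's own code): the unsafe pattern
// that causes this class of problem, next to a hardened version.
// Function and variable names are hypothetical.

// Vulnerable: the "URL" field is copied straight into an href attribute, so
// a value containing quotes or a javascript: scheme becomes live markup.
function render_url_unsafe(string $url): string
{
    return '<a href="' . $url . '">' . $url . '</a>';
}

// Hardened: accept only absolute http/https URLs, then escape for the
// attribute and text contexts. Anything else is dropped rather than echoed.
function render_url_safe(string $url): string
{
    $url = trim($url);
    if ($url === '') {
        return '';
    }
    // filter_var rejects malformed URLs; the explicit scheme check is what
    // keeps javascript:, data: and similar schemes out.
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return '';
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        return '';
    }
    // ENT_QUOTES escapes both " and ', so the value cannot close the
    // attribute; this escaping is the defense even if validation is lenient.
    $escaped = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
    return '<a href="' . $escaped . '" rel="nofollow">' . $escaped . '</a>';
}

// Constructed inputs: a normal URL and two crafted field values.
$samples = [
    'http://example.org/page',
    'javascript:alert(1)',
    'http://example.org/"><script>alert(1)</script>',
];
foreach ($samples as $s) {
    echo "unsafe: " . render_url_unsafe($s) . "\n";
    echo "safe:   " . render_url_safe($s) . "\n\n";
}
```

Run with `php example.php` to compare the two outputs for each sample; the hardened function emits an empty string for the non-http inputs and an escaped link for the rest.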