XSS Vulnerability in MWGuest

Summary

Vulnerability: XSS Vulnerability in MWGuest
Discovered: 2006.04.06
Last Update: 2006.04.17 Exploitation code published
ID: EV0122
CVE: CVE-2006-1979
Risk Level: Low
Type: Cross Site Scripting
Status: Unpatched. No reply from developer(s)
Vendor: Manic Web
Vulnerable Software: MWGuest (http://www.manicweb.co.uk/)
Version: 2.1.0
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

Vulnerable Script: mwguest.php

Parameter: homepage is not properly sanitized. This can be used to post arbitrary HTML or web script code.

Condition: magic_quotes_gpc = off

PoC/Exploit

URL: http://[host]/mwguest/mwguest.php
Homepage: ">>(XSS)<aaa aaa="

Solution

Solution for "XSS Vulnerability in MWGuest" is not available. Check the Manic Web website for updates.
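
With no vendor fix available, the usual control for this class of bug is to validate the homepage value on input and HTML-escape it on output. The following is an added example, not code from MWGuest or from the advisory; the function names are hypothetical, and it assumes the homepage value is rendered inside an href attribute, which the advisory does not state.

```php
<?php
// Added example: hypothetical helpers, not taken from MWGuest's source.

// Accept a visitor-supplied homepage only if it is an absolute http(s) URL.
// Returns the trimmed URL, or null when the value should be dropped.
function normalize_homepage(string $raw): ?string
{
    $url = trim($raw);
    if ($url === '' || strlen($url) > 255) {
        return null;
    }
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    // Allow-list the scheme so javascript:, data: and similar are refused.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if ($scheme !== 'http' && $scheme !== 'https') {
        return null;
    }
    return $url;
}

// Build the guestbook link. URL validation is not an output encoder, so the
// value is always escaped for the attribute and text contexts it lands in.
function render_homepage_link(string $raw): string
{
    $url = normalize_homepage($raw);
    if ($url === null) {
        return '';
    }
    $safe = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $safe . '" rel="nofollow noopener">' . $safe . '</a>';
}

// Constructed inputs; the second is the Homepage string quoted in the advisory.
$samples = [
    'http://example.org/?a=1&b=2',
    '">>(XSS)<aaa aaa="',
    'javascript:alert(1)',
    'http://example.org/?q="><b>',  // quotes inside an otherwise URL-shaped value
];
foreach ($samples as $s) {
    $out = render_homepage_link($s);
    echo ($out === '' ? '[rejected]' : $out), PHP_EOL;
}
```

The escaping step does not depend on magic_quotes_gpc, which only adds backslashes and is not an HTML encoder.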