Vulnerability Summary

Overview

Vulnerability Name: Advanced Guestbook 2.4.4 - Persistent Cross-Site Scripting (XSS) in 'Smilies'
EDB-ID: 49875
Publication Date: 2021-05-17
Category: Webapps
Platform: PHP

Description: In Advanced Guestbook version 2.4.4, an attacker can inject JavaScript through the 'Smilies' editing feature. The injected code is stored and executed whenever an administrator views the smiley list, making this a persistent (stored) XSS vulnerability.

Impact Scope

Affected Software: Advanced Guestbook
Affected Versions: 2.4.4
Vulnerable Parameter: (POST request)
Attack Payload:
Exploitation Conditions: Requires administrator privileges (authenticated user)

Remediation

Vendor Homepage: https://www.ampps.com/apps/guestbooks/Advanced_Guestbook
Software Download: https://www.ampps.com/apps/guestbooks/Advanced_Guestbook
Recommendation: Upgrade to an unaffected version, or implement strict input validation and output encoding for the affected parameter.

Proof of Concept (POC)
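An added illustration of the recommended remediation, written for this summary rather than taken from Advanced Guestbook: the smiley record fields ('code', 'file'), the allowlist patterns and the sample entries are assumptions, and the script tag in the sample is a constructed marker.

```php
<?php
// Added example (not Advanced Guestbook code): harden an admin smiley list
// against stored XSS with an input allowlist plus output encoding.

// Assumed record shape: 'code' is the text trigger (e.g. ":)"), 'file' the image name.
function smiley_is_valid(array $smiley): bool
{
    // Allowlist on input: short trigger without markup characters, and an
    // image file name limited to a safe character set and known extensions.
    return isset($smiley['code'], $smiley['file'])
        && preg_match('/^[A-Za-z0-9:;()\-_^*|]{1,16}$/', $smiley['code']) === 1
        && preg_match('/^[A-Za-z0-9_\-]{1,64}\.(gif|png|jpg)$/i', $smiley['file']) === 1;
}

function render_smiley_row(array $smiley): string
{
    // Encode at output time; ENT_QUOTES also covers the attribute context of src="".
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<tr><td>' . $e($smiley['code']) . '</td>'
         . '<td><img src="images/' . $e($smiley['file']) . '" alt=""></td></tr>';
}

// Constructed submissions: one benign entry and one carrying a script tag.
$submissions = [
    ['code' => ':)', 'file' => 'smile.gif'],
    ['code' => '<script>x()</script>', 'file' => 'x.gif'],
];
foreach ($submissions as $s) {
    if (!smiley_is_valid($s)) {
        echo "rejected on input\n";
        continue;
    }
    echo render_smiley_row($s), "\n";
}

// Defence in depth: even if validation were bypassed, the encoded output is inert.
echo render_smiley_row(['code' => '<script>x()</script>', 'file' => 'x.gif']), "\n";
```

The second submission is rejected before storage, and the final line shows the same value rendered as literal text (`&lt;script&gt;...`) rather than as markup.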