|Description||An easy, free and databaseless web portal that lets you very easily generate a complete and interactive web site.|
|Impact||Cross-site scripting (XSS) vulnerability (CWE-79)|
|Affected version||4.6.13a; older versions are likely to be affected|
|Description||Two vulnerabilities were fixed in version 4.6.14. Cross-site scripting (XSS) vulnerabilities allow remote attackers to inject persistent arbitrary web script via the "your website" field in the user profile and in the guestbook. The vulnerabilities were caused by improper filtering of double quotes in this field.|
|Exploit||Private exploit exists.|
|CVSS v2 base score||6.8 (AV:N/AC:M/Au:N/C:P/I:N/A:N)|
|Solution||Upgrade to version 4.6.14|
|CVE||No CVE assigned|
|These are old vulnerabilities, and other security fixes have been released for GuppY since this one. It is recommended to use the latest version. Security recommendations for GuppY are available at www.freeguppy.org|
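
The root cause named above, a user-supplied URL field in which double quotes are not filtered, is shown here as an added example that is not GuppY source code. It assumes the field is written into an `href` attribute; the function names, the weak filter and the sample input are constructed for illustration.

```php
<?php
// Added illustration; not GuppY code. Function names are hypothetical.

// Weak pattern: removes angle brackets only, so a double quote in the
// value can close the href attribute it is written into.
function render_website_weak(string $url): string
{
    $filtered = str_replace(['<', '>'], '', $url);
    return '<a href="' . $filtered . '">website</a>';
}

// Hardened pattern: allow-list the URL scheme first, then encode the
// value for the HTML attribute context (both quote styles).
function render_website_safe(string $url): string
{
    $url = trim($url);
    // parse_url() returns null/false when no scheme is present;
    // the cast turns that into an empty string, which is rejected.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        return '';  // drop javascript:, data: and schemeless input
    }
    $encoded = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $encoded . '" rel="nofollow noopener">website</a>';
}

// Constructed sample: a stored profile value containing a double quote.
$sample = 'http://example.test/" data-injected="1';

// Weak output: the quote ends href and a second attribute appears.
echo render_website_weak($sample), PHP_EOL;

// Safe output: the quote is emitted as &quot; and stays inside href.
echo render_website_safe($sample), PHP_EOL;
```

Because the stored values are persistent, encoding has to happen at output time for every place the field is rendered (profile and guestbook), not only when new input is saved.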