GuppY is reported to be prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input. The problem exists in the postguest module of the software. This issue may allow a remote attacker to execute HTML or script code in user's browser.
Successful exploitation of this vulnerability may allow an attacker to steal cookie-based authentication credentials. Other attacks may also be possible.
- With a cookie named "GuppYUser" and with the value :