2025-12-15 20:28:19
VulnCheck
PUBLISHED
JLex GuestBook 1.6.4 contains a reflected cross-site scripting vulnerability in the q URL parameter that allows attackers to inject malicious scripts. Attackers can craft malicious links with XSS payloads to steal session tokens or execute arbitrary JavaScript in victims browsers.