Cross-site scripting (XSS) vulnerability in index.php in iPei Guestbook 1.7 allows remote attackers to inject arbitrary web script or HTML via the email parameter, as used by the email field, when signing a guestbook.

SQL injection vulnerability in admin.php in Advanced Guestbook 2.2 allows remote attackers to execute arbitrary SQL commands and gain privileges via the username field.

Chipmunk Scripts Guestbook allows remote attackers to obtain the installation path of the script via a URL that causes an error message to be displayed, such as a URL that contains a single quote (') in the start parameter of index.php.

Cross-site scripting (XSS) vulnerability in sign.asp in Emefa Guestbook 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) location, and (3) email parameters.

PHP remote file inclusion vulnerability in form.inc.php3 in MyGuestbook 0.6.1 allows remote attackers to execute arbitrary PHP code via the lang parameter.

episodex guestbook allows remote attackers to bypass authentication and edit scripts via a direct request to admin.asp.

Cross-site scripting (XSS) vulnerability in default.asp for episodex guestbook allows remote attackers to inject arbitrary web script or HTML via the Name field and other fields.

HTMLJunction EZGuestbook stores the guestbook.mdb file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the administrative password.

Cross-site scripting (XSS) vulnerability in Skull-Splitter Guestbook 1.0, 2.0 and 2.2 allows remote attackers to inject arbitrary web script or HTML via the (1) title or (2) content of a message.

SQL injection vulnerability in index.php in Advanced Guestbook 2.3.1 allows remote attackers to execute arbitrary SQL commands via the entry parameter.