Cross-site scripting (XSS) vulnerability in guestbook.php in Simple PHP Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the action parameter.

Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and gain administrative access by setting the (1) admin_name and (2) admin_pass cookie values to 1.

Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and download a backup of the database via a direct request to admin/backupdb.php.

Static code injection vulnerability in Sanus|artificium (aka Sanusart) Free simple guestbook PHP script, when downloaded before 20081111, allows remote attackers to inject arbitrary PHP code into messages.txt via the message parameter to act.php, which is executed when guestbook/guestbook.php is accessed. NOTE: some of these details are obtained from third party information.

Cross-site scripting (XSS) vulnerability in index.php in myPHP Guestbook 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

Multiple cross-site scripting (XSS) vulnerabilities in myPHP Guestbook 1.x through 2.0.0-r1 and before 2.0.1 RC5 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) email, (3) homepage, (4) id, (5) name, and (6) text parameters in (a) index.php, the (7) comment, (8) email, (9) homepage, (10) number, (11) name, and (12) text parameters in (b) admin/guestbook.php, and the (13) email, (14) homepage, (15) icq, (16) name, and (17) text parameters in (c) admin/edit.php.

Cross-site scripting (XSS) vulnerability in guestbook.php in Soren Boysen (SkullSplitter) PHP Guestbook 2.6 allows remote attackers to inject arbitrary web script or HTML via the url parameter.