Vulnerability Name: OpenGuestbook Cross Site Scripting & SQL Injection Risk: Low Local: No Remote: Yes Product: Open Guestbook 0.5 Site: http://sourceforge.net/projects/openguestbook Discovered by: Moroccan Security Team (Simo64) CVE: CVE-2006-3296 CWE: CWE-89 Cross Site Scripting (XSS) Vulnerable Code: In on line 5: Exploit: Solution: Edit line 5 in to: SQL Injection Vulnerable Code: Near lines 23-28 in Exploit: Solution: Edit line 23 in to add validation: