Lycos HTMLGear guestGear CSS HTML Injection Vulnerability

When an e-mail address or web page URL like the following is specified:

" STYLE="expression([javascript])

the JavaScript block will execute. Some less-paranoid versions of the
guestbook also allow a typical IMG attack:

<IMG SRC="javascript:[javascript]">
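
The following is an added example, not code from the guestbook or from the original advisory. It shows how a quoted-attribute breakout like the one above arises and how output encoding plus a URL scheme allow-list closes it. The function names, the HREF/P markup and the sample URL are assumptions; the two payload strings are the page's own placeholders.

```javascript
// Added example: guestbook field rendering, vulnerable pattern vs. hardened.
// All function names and the output markup are hypothetical.

// Constructed sample inputs, using the page's placeholder payloads verbatim.
const STYLE_BREAKOUT = '" STYLE="expression([javascript])';
const IMG_PAYLOAD = '<IMG SRC="javascript:[javascript]">';

// Vulnerable pattern: the visitor's value is pasted into a quoted attribute,
// so a double quote in the value ends HREF and starts a new attribute.
function renderEntryUnsafe(homepage, message) {
  return '<A HREF="' + homepage + '">homepage</A><P>' + message + '</P>';
}

// Encode the characters that can end an attribute value or open a tag.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Allow-list the URL scheme and reject whitespace; anything else
// (javascript:, data:, attribute fragments) is dropped.
function safeUrl(value) {
  const trimmed = String(value).trim();
  return /^https?:\/\/[^\s]+$/i.test(trimmed) ? trimmed : null;
}

// Hardened rendering: validate the URL, then encode every field on output.
function renderEntrySafe(homepage, message) {
  const url = safeUrl(homepage);
  const link = url ? '<A HREF="' + escapeHtml(url) + '">homepage</A>' : '';
  return link + '<P>' + escapeHtml(message) + '</P>';
}

console.log(renderEntryUnsafe(STYLE_BREAKOUT, 'hi'));
console.log(renderEntrySafe(STYLE_BREAKOUT, IMG_PAYLOAD));
```

Encoding on output is what stops the breakout; the scheme allow-list is a second layer for values that end up in HREF or SRC.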


 

Copyright 2010, SecurityFocus