Hibyte HiGuest Message Field HTML Injection Vulnerability

info
discussion
exploit
solution
references

Hibyte HiGuest Message Field HTML Injection Vulnerability

Hibyte's HiGuest guestbook software is prone to HTML injection attacks. This issue is exposed via the message form field in the guestbook entry submission form.

Exploitation could permit remote attackers to persistently inject hostile HTML and script code into guestbook content. This could allow for theft of cookie-based authentications or other attacks, such as those which misrepresent guestbook content.