Vanilla Guestbook is prone to multiple cross-site scripting and SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input that will be included in site output or in SQL queries.
Exploiting the cross-site scripting vulnerabilities may permit a remote attacker to steal cookie-based authentication credentials from legitimate users. Successful exploitation of the SQL-injection vulnerabilities could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
No exploit is required.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: firstname.lastname@example.org.