https://www.exploit-db.com/exploits/23332
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200311-019

MPMGuestbook1.2版本存在跨站脚本(XSS)漏洞。远程攻击者可以通过lng参数注入任意web脚本或HTML。

source: http://www.securityfocus.com/bid/8958/info

MPM Guestbook is reported to be prone to a cross-site scripting vulnerability. This is due to insufficient sanitization of HTML from URI parameters, which will be displayed in web pages that are dynamically generated by the software.

An attacker could exploit this issue by enticing a user to follow a malicious link. This could theoretically allow for theft of cookie-based authentication credentials or other attacks. 

http://www.example.com/guestbook/?number=5&lng=%3Cscript%3Ealert(document.domain);%3C/script%3E

来源:XF
名称:mpmguestbook-ing-xss(13575)
链接:http://xforce.iss.net/xforce/xfdb/13575
来源:BID
名称:8958
链接:http://www.securityfocus.com/bid/8958
来源:OSVDB
名称:2754
链接:http://www.osvdb.org/2754
来源:SECUNIA
名称:10122
链接:http://secunia.com/advisories/10122