Cross-site scripting (XSS) vulnerability in diary.php in My Databook allows remote malicious users to inject arbitrary web script or HTML via the year parameter.
source: wwwsecurityfocuscom/bid/24311/info
My DataBook is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vul ...