Cross-site scripting (XSS) vulnerability in index.php in Winn Guestbook 2.4 allows remote malicious users to inject arbitrary web script or HTML via the PATH_INFO.
winn winn guestbook 2.4