COMMAND FipsGuestbook script injection SYSTEMS AFFECTED Version 1.12.7 PROBLEM Black Tigerz Research Group reported about FipsGuestbook. Written entirely in ASP and VBScript, easy to install ASP guestbook manager with web based administration panel. Vulnerability: new_entry.asp neglects filtering user input allowing for script injection to the guestbook via "Name" field. The injected script will be executed in anyones browser who visits the guestbook. SOLUTION ??