Cross-site scripting (XSS) vulnerability in Lycos HTMLGear guestbook allows remote attackers to inject arbitrary script via (1) STYLE attributes or (2) SRC attributes in an IMG tag.
https://exchange.xforce.ibmcloud.com/vulnerabilities/12235
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0132.html