Multiple cross-site scripting (XSS) vulnerabilities in B-net Software 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) shout variables to (a) shout.php, or the (3) title and (4) message variables to (b) guestbook.php.
http://www.vupen.com/english/advisories/2006/0018
http://www.securityfocus.com/bid/16114
http://www.securityfocus.com/archive/1/444320/100/0/threaded
http://www.securityfocus.com/archive/1/420673/100/0/threaded
http://sourceforge.net/project/shownotes.php?release_id=442067&group_id=117067
http://securityreason.com/securityalert/316