Cross-site scripting (XSS) vulnerability in guestbook.cfm in aXentGuestbook 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the startrow parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/27160
http://pridels0.blogspot.com/2006/06/axentguestbook-ii-xss-vuln.html