Lycos HTMLGear Guestbook Script Injection Vulnerability

["Matthew Murphy" <mattmurphy () kc rr com>]

Lycos offers several advanced web applications through a service called
HTMLGear.  Among the services offered are guestbooks.  A vulnerability
exists in the Lycos guestbook that could enable someone to launch an attack
against visitors whose browsers supported inline CSS (IE, for example).

By specifying an e-mail address/web page URL like the following:

" STYLE="expression([javascript])

The JavaScript block will execute.  Some less-paranoid versions of the
guestbook also allow a typical IMG attack:

<IMG SRC="javascript:[javascript]">

This will yield the same results in many cases.