PBL Guestbook v1.31 - XSS

[luny () youfucktard com]

PBLGuestbook v1.31

Homepage:
http://www.pixelatedbylev.com/

Effected files:
input boxes of the guestbook.

XSS Vulnerabilities PoC:

I noticed that common tags like <script> are filtered into the words "SCRIPT BLOCKED" in this guestbook, however img 
tags as well as others go unfiltered in the Name, Email,and Website boxes. In turn, this could cause an XSS 

attack to occur. For PoC just enter: <IMG SRC=javascript:alert('XSS')> in any of these boxes.