Site Studio guestbook does not filter HTML code from user-supplied input. A remote user can create a specially crafted entry that, when the page rendered, will cause arbitrary scripting to be executed by the user’s browser.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/39118/EXPL-A-2005-008-sitestudio.txt
Source: https://packetstormsecurity.com/files/39118/Exploit-Labs-Security-Advisory-2005.8.html