Morinex Eneco

**Name of the Vulnerable Software and Affected Versions** Skull-Splitter Guestbook versions 1.0 through 2.2 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the `title` or `content` of a message, potentially leading to cross-site scripting (XSS) attacks. **Recommendations** For Skull-Splitter Guestbook versions 1.0 through 2.2, consider disabling the message posting feature until a patch is available to prevent exploitation. Restrict access to the `title` and `content` fields of a message to minimize the risk of XSS attacks.