html Guest Gear suffers from html injection and XSS.
ba51548b93633a5680eba41409e959f27da2077810a0b605e0adca0537446595
htmls guest gear (all pages that look like this http://htmlgear.tripod.com/guest/control.guest?a=sign) has an exploit where you can inject html and javascript into there guestbook by doing the following
<br iframe src=javascript:alert("hi")>></br>
you can put any html or javascript in there. you can find vunrable page by doing the following google search
site:http://htmlgear.tripod.com/guest/control.guest?a=sign