Multiple cross-site scripting (XSS) vulnerabilities in AN Guestbook (ANG) before 0.7.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.