Security Vulnerability with megaBook guestbook V2.0

Post by 10010110 »

I received a notice by SecurityMetrics that there is a security issue on the server of a website of my client that is powered by CMSmadesimple and the exact notice says:


| Protocol | Port | Program | Risk | Summary |
|----------|------|---------|------|---------|
| TCP | 443 | https | 7 | A cross site scripting vulnerability was found on the server. This vulnerability has been associated with megaBook guestbook V2.0. Solution: Contact the vendor for a patch. Risk: High. |

I can't figure out what is causing this as I don't see anything on the server that could have to do with it (the website doesn't have a guestbook) and I haven't found anything here that states CMSmadesimple is using this "megaBook guestbook".
Does this probably have anything to do with CMSmadesimple or a module thereof or is it inheriting anything that could have to do with it?
There are other CMS powered websites on the same server that don't have this issue...???

I have attached the full report. The issue appears on page 2.

Thanks a lot for your help.

...

Dammit! I can't attach the file, although it's the right format (PDF) and should be small enough (84KB)... If anybody wants to review it contact me and I'll send it by mail.

Re: Security Vulnerability with megaBook guestbook V2.0

Post by Ted »

CMSMS isn't using the megaBook guestbook in the core.  It possibly could be in a 3rd party module, but I seriously doubt it.  Could it be possible that there are several sites on the same server and that it's on a different site?

Why would it be on https?  That seems kind of strange.

Re: Security Vulnerability with megaBook guestbook V2.0

Post by 10010110 »

Thanks for that quick answer. :)
Yeah, as I said there are other sites on this server but on none of them is this security issue appearing. I, too, was wondering why it is on https... there's no SSL page with this website... ???
Very weird, indeed. OK, so the issue must be somewhere else. I'm glad it's not the CMS. :)

Thanks.