ID: CVE-2006-1575
Type: cve
Reporter: NVD
Modified: 2017-07-19T21:30:43
Description
Multiple cross-site scripting (XSS) vulnerabilities in news.php in QLnews 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) autorx and (2) newsx parameters.
{"result": {"osvdb": [{"id": "OSVDB:24290", "type": "osvdb", "title": "QLnews news.php Multiple Variable XSS", "description": "## Vulnerability Description\nQLnews contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'autorx' and 'newsx' variables upon submission to the news.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nQLnews contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'autorx' and 'newsx' variables upon submission to the news.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://www.vscripts.pl/\n[Secunia Advisory ID:19479](https://secuniaresearch.flexerasoftware.com/advisories/19479/)\n[Related OSVDB ID: 24291](https://vulners.com/osvdb/OSVDB:24291)\nOther Advisory URL: http://evuln.com/vulns/113/summary.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-04/0230.html\nKeyword: EV0113\nISS X-Force ID: 25546\n[CVE-2006-1575](https://vulners.com/cve/CVE-2006-1575)\nBugtraq ID: 17335\n", "published": "2006-03-30T02:02:35", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:24290", "cvelist": ["CVE-2006-1575"], "lastseen": "2017-04-28T13:20:21"}]}}