CVE-2006-3358

2006-07-06T20:05:00
ID CVE-2006-3358
Type cve
Reporter cve@mitre.org
Modified 2018-10-18T16:47:00

Description

Multiple cross-site scripting (XSS) vulnerabilities in index.php in NewsPHP 2006 PRO allow remote attackers to inject arbitrary web script or HTML via the (1) words, (2) id, (3) cat_id, and (4) tim parameters, which are not sanitized before being returned in an error page. NOTE: it is possible that some of these vectors are resultant from an SQL injection issue.