Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in news.php in QLnews 1.2 allow remote attackers to inject arbitrary web script or HTML via the 1 autorx and 2 newsx parameters...