2 matches found
CVE-2009-4348
Cross-site scripting XSS vulnerability in index.php in Harold Bakker's NewsScript HB-NS 1.3 allows remote attackers to inject arbitrary web script or HTML via the topic parameter in a topic action, a different vector than CVE-2006-2146...
CVE-2006-2146
HB-NS (Harold Bakker’s NewsScript) 1.1.6 contains multiple cross-site scripting (XSS) vulnerabilities in index.php. The CVE-2006-2146 entry states remote attackers can inject arbitrary script/HTML via the (1) poster_name, (2) poster_email, (3) poster_homepage, or (4) message parameters. The NVD e...