2 matches found
CVE-2006-2500
Cross-site scripting XSS vulnerability in addnews.asp in CodeAvalanche News CANews 1.2 allows remote attackers to inject arbitrary web script or HTML via the Headline field. NOTE: if this issue is limited to administrators, and if it is expected behavior for administrators to be able to generate...
CVE-2006-2500
CANews 1.2 is affected by a Cross-Site Scripting (XSS) vulnerability in add_news.asp where the Headline field accepts input that can inject arbitrary script/HTML. The root cause is insufficient input sanitization for that field, enabling remote attackers to execute script in a victim’s browser. T...