CVE-2007-2300
Multiple cross-site scripting XSS vulnerabilities in Endy Kristanto Surat kabar / News Management Online aka phpwebnews 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the mtxt parameter to 1 iklan.php, 2 index.php, or 3 bukutamu.php...