2 matches found
CVE-2006-2678
Pre News Manager 1.0 is affected by multiple cross-site scripting (XSS) vulnerabilities. The issue allows remote attackers to inject arbitrary web script or HTML via the id parameter to index.php, and via the nid parameter to news_detail.php, email_story.php, thankyou.php, printable_view.php, tel...
CVE-2006-2763
CVE-2006-2763 describes a SQL injection vulnerability in Pre News Manager 1.0. An attacker can inject via the id parameter to index.php, or the nid parameter to news_detail.php, email_story.php, thankyou.php, printable_view.php, tella_friend.php, and send_comments.php, potentially allowing arbitr...