Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeNews 1.40 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) NewsMode parameter to NewsCategoryForm.php, or the (2) Match or (3) NewsMode parameter to SearchResults.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpfreenews phpfreenews 1.40 |