Cross-site scripting (XSS) vulnerability in add_news.asp in CodeAvalanche News (CANews) 1.2 allows remote malicious users to inject arbitrary web script or HTML via the Headline field. NOTE: if this issue is limited to administrators, and if it is expected behavior for administrators to be able to generate HTML, then this is not a vulnerability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xfairguy codeavalanche news 1.2 |