Cross-site scripting (XSS) vulnerability in pages/news.page.inc in Project Alumni 1.0.9 allows remote malicious users to inject arbitrary web script or HTML via the year parameter in a news action to index.php, a different vector than CVE-2007-6126.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
project alumni project alumni 1.0.9 |