s0nic Paranews 3.4 - Cross-Site Scripting via News.php ID or Page Parameter
Multiple cross-site scripting (XSS) vulnerabilities in news.php in s0nic Paranews 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) page parameter in a details action.
Dynamic MP3 Lister 2.0.1 - Cross-Site Scripting via currentpath invert search or sort Parameters
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dynamic MP3 Lister 2.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) currentpath, (2) invert, (3) search, and (4) sort parameters.