CVE-2006-6356
PHPNews 1.3.0 - Cross-Site Scripting via URL, ID, Subject, Username, or Time Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2006-6356. PoCs published by Detefix.
AI-analyzed exploit summary The provided text describes multiple XSS vulnerabilities in PHPNews 1.3.0 due to insufficient input sanitization. It includes example URLs demonstrating how arbitrary script code can be executed in a user's browser context.
Description
Multiple cross-site scripting (XSS) vulnerabilities in templates/link_temp.php in PHPNews 1.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) url, (2) id, (3) subject, (4) username, or (5) time parameter.
Exploits (1)
The provided text describes multiple XSS vulnerabilities in PHPNews 1.3.0 due to insufficient input sanitization. It includes example URLs demonstrating how arbitrary script code can be executed in a user's browser context.