CVE-2007-1142
Magic News Plus 1.0.2 - XSS
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in Magic News Plus 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the link_parameters parameter in (1) news.php and (2) n_layouts.php.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by HACKERS PAL · textwebappsphp
https://www.exploit-db.com/exploits/29628
exploitdb
WRITEUP
VERIFIED
by HACKERS PAL · textwebappsphp
https://www.exploit-db.com/exploits/29629
References (5)
Scores
EPSS
0.0159
EPSS Percentile
81.3%
Classification
CWE
CWE-79
Status
draft
Affected Products (1)
reamday_enterprises/magic_news_plus
Timeline
Published
Mar 02, 2007
Tracked Since
Feb 18, 2026