CVE-2007-6541

Neuron News 1.0 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in neuron news 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the topic parameter in a viewtopic action, or the (2) newsyear or (3) newsmonth parameter in a newsarchive action to the default URI in patch/.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/485176/100/0/threaded

[Third Party Advisory] http://securityreason.com/securityalert/3489

Scores

EPSS 0.0025

EPSS Percentile 47.6%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

neuron_news/neuron_news

Timeline

Published Dec 27, 2007

Tracked Since Feb 18, 2026