Cross-site scripting (XSS) vulnerability in index.php in Plague News System 0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the cid parameter.
Software | From | Fixed in |
---|---|---|
frozenplague.net / plague_news_system | 0.4 | 0.4.x |
frozenplague.net / plague_news_system | 0.4rc3 | 0.4rc3.x |
frozenplague.net / plague_news_system | 0.4rc4 | 0.4rc4.x |
frozenplague.net / plague_news_system | 0.6 | 0.6.x |