Cross-site scripting (XSS) vulnerability in templates/cat_temp.php in PHPNews 1.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. Successful exploitation requires that "register_globals" is enabled.
Publication date: Thu, 07 Dec 2006 07:28:00 +0000