Emulamex

**Name of the Vulnerable Software and Affected Versions** PHPNews version 1.3.0 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the `url`, `id`, `subject`, `username`, or `time` parameter in templates/link temp.php, potentially leading to cross-site scripting (XSS) attacks. **Recommendations** For PHPNews version 1.3.0, as a temporary workaround, consider restricting access to the templates/link temp.php file until a patch is available. Avoid using the parameters `url`, `id`, `subject`, `username`, or `time` in the affected template file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.