Ednews · Ednews · CVE-2003-0495
Name of the Vulnerable Software and Affected Versions:
LedNews version 0.7
Description:
A cross-site scripting (XSS) issue allows remote attackers to insert arbitrary web script via a news item.
Recommendations:
For LedNews version 0.7, consider disabling the news item feature until a patch is available to prevent exploitation of the XSS issue.