CVE-2004-1845

Name of the Vulnerable Software and Affected Versions News Manager Lite version 2.5

Description The issue allows remote attackers to inject arbitrary web script or HTML, which can lead to cross-site scripting (XSS) attacks. This is possible via the email parameter to "comment add.asp", the search parameter to "search.asp", or the n parameter to "category news headline.asp".

Recommendations For News Manager Lite version 2.5, consider disabling the comment add.asp, search.asp, and category news headline.asp pages until a patch is available. Restrict access to these pages to minimize the risk of exploitation. Avoid using the email, search, and n parameters in the affected API endpoints until the issue is resolved.