CVE-2006-1968

Name of the Vulnerable Software and Affected Versions KCScripts News Publisher versions prior to Portal Pack 6.0

Description The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via the sort order parameter in the news/NsVisitor.cgi script.

Recommendations For versions prior to Portal Pack 6.0, update to a version later than Portal Pack 6.0 to resolve the issue. As a temporary workaround, consider restricting access to the news/NsVisitor.cgi script to minimize the risk of exploitation. Avoid using the sort order parameter in the affected script until the issue is resolved.