CVE-2006-6180

Name of the Vulnerable Software and Affected Versions Expinion.net iNews Publisher (iNP) versions 2.5 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML via the hl parameter in the articles.asp file, potentially leading to cross-site scripting (XSS) attacks.

Recommendations For versions 2.5 and earlier, consider restricting access to the articles.asp file or disabling the hl parameter to minimize the risk of exploitation until a fix is available.