PT-2007-1275 · Warforge · Warforge.News

Published: 2007-02-12 · Updated: 2017-07-29 · CVE-2006-6996

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

warforge.NEWS version 1.0

Description

The issue allows remote attackers to inject arbitrary HTML and web script via specific parameters to certain PHP files. The vulnerable parameters include title and newspost in "newsadd.php", and name, title, and comment in "news.php".

Recommendations

For warforge.NEWS version 1.0, consider restricting access to the "newsadd.php" and "news.php" files until a fix is available, and avoid using the vulnerable parameters title, newspost, name, and comment in these files. At the moment, there is no information about a newer version that contains a fix for this issue.

Related Identifiers

CVE-2006-6996

Affected Products

Warforge.News