CVE-2007-2300

Name of the Vulnerable Software and Affected Versions phpwebnews versions 0.2 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML via the m txt parameter to specific API endpoints, including "iklan.php", "index.php", and "bukutamu.php". This can lead to cross-site scripting (XSS) attacks.

Recommendations For phpwebnews versions 0.2 and earlier, as a temporary workaround, consider restricting access to the m txt parameter in the affected API endpoints until a patch is available. Avoid using the m txt parameter in the "iklan.php", "index.php", and "bukutamu.php" endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.