PT-2007-4607 · Stphp · Stphp Easynews Pro

Published: 2007-06-21 · Updated: 2017-07-29 · CVE-2007-3330

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: STphp EasyNews PRO version 4.0

Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a news post. The news post is stored in the news/ directory without proper sanitization, enabling the execution of malicious scripts.

Recommendations: For STphp EasyNews PRO version 4.0, ensure that all user input, especially news posts, is properly sanitized before being stored or displayed to prevent the injection of malicious scripts. As a temporary workaround, consider disabling the news posting feature until a proper fix is implemented to sanitize user input.

Related identifiers

CVE-2007-3330

Affected products

Stphp Easynews Pro