CVE-2008-1649

Name of the Vulnerable Software and Affected Versions EasyNews version 4.0

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the read parameter in an edp pupublish action. This could potentially lead to unauthorized access or control of user sessions.

Recommendations For EasyNews version 4.0, consider restricting access to the edp pupublish action or validating and sanitizing the read parameter to prevent injection of malicious scripts. As a temporary workaround, avoid using the read parameter in the affected action until a patch is available.