CVE-2008-7171

Name of the Vulnerable Software and Affected Versions Lightweight news portal (LNP) version 1.0b

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved via the photo parameter to "show photo.php", the potd parameter to "show potd.php", or the Current question field in a vote action to "admin.php".

Recommendations For Lightweight news portal (LNP) version 1.0b, consider validating and sanitizing user input for the photo parameter in "show photo.php", the potd parameter in "show potd.php", and the Current question field in "admin.php" to prevent arbitrary web script or HTML injection. As a temporary workaround, restrict access to "show photo.php", "show potd.php", and "admin.php" to minimize the risk of exploitation.