CVE-2004-0358

Name of the Vulnerable Software and Affected Versions VirtuaNews Admin Panel Pro version 1.0.3

Description A cross-site scripting (XSS) issue allows remote attackers to execute arbitrary scripts as other users. This can be achieved via several parameters in the admin.php file, including the mainnews parameter, the expand parameter, the id parameter, and the catid parameter. Additionally, an unnamed parameter during the newslogo upload action in admin.php is also vulnerable.

Recommendations For VirtuaNews Admin Panel Pro version 1.0.3, as a temporary workaround, consider restricting access to the admin.php file and its parameters, such as mainnews, expand, id, and catid, until a patch is available. Avoid using the unnamed parameter during the newslogo upload action in admin.php to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.