CVE-2006-2500

Name of the Vulnerable Software and Affected Versions CodeAvalanche News (CANews) version 1.2

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the Headline field in add news.asp. This could potentially lead to the execution of malicious scripts. However, if this issue is limited to administrators and it is expected behavior for them to generate HTML, then it may not be considered a vulnerability.

Recommendations For CodeAvalanche News (CANews) version 1.2, consider validating and sanitizing user input in the Headline field to prevent the injection of malicious scripts. As a temporary workaround, restrict access to the add news.asp page to minimize the risk of exploitation.