CVE-2007-4874

Name of the Vulnerable Software and Affected Versions: SimpNews version 2.41.03

Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the vulnerabilities are found in the l username parameter to "admin/layout2b.php" and the backurl parameter to "comment.php".

Recommendations: For SimpNews version 2.41.03, consider restricting access to the admin/layout2b.php and comment.php scripts until a patch is available. As a temporary workaround, avoid using the l username and backurl parameters in the affected scripts.