Intrusion Prevention

Expinion.Net.MMS.XSS

Description

This indicates an attempt to inject a hostile HTML or web script into News Manager Lite.
News Manager Lite is a news management program for web sites. It runs on Microsoft Windows platforms and it is built using ASP. Multiple vulnerabilities exist that allow users to inject an HTML or web script, because of insufficient filtering of user-supplied input. The following files are vulnerable: comment_add.asp, search.asp, category_news_headline.asp, more.asp, category_news.asp, and ews_sort.asp.

Affected Products

Expinion.net News Manager Lite 2.5.

Impact

Security Bypass, Cross Site Scripting, Manipulation of data.

Recommended Actions

Apply appropriate patch from the vendor or Upgrade to non-vulnerable version if available.

CVE References

CVE-2004-1845