Unrated severityNVD Advisory· Published Apr 26, 2007· Updated Jun 16, 2026
CVE-2007-2300
CVE-2007-2300
Description
Multiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto Surat kabar / News Management Online (aka phpwebnews) 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the m_txt parameter to (1) iklan.php, (2) index.php, or (3) bukutamu.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:surat_kabar:phpwebnews:0.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:surat_kabar:phpwebnews:0.1:*:*:*:*:*:*:*
- cpe:2.3:a:surat_kabar:phpwebnews:0.2:*:*:*:*:*:*:*
- Range: <=0.2
Patches
Vulnerability mechanics
References
7News mentions
0No linked articles in our index yet.