|| Security Net Advisory #D.25.7.06.a

Title  : sNews CMS v1.4 XSS injection
Impact : Cross Site Scripting
Type   : Remote
Vendor :
 - Url    : http://www.solucija.com/
 - Status : Vendor was first contacted on 25.7.2006.

|| Vulnerability

Input passed to the "search_query" parameter in snews.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session.

|| Solution

The function cleanXSS() already exists in snews.php.

|| Contact

Author : Ivan Markovic
Site   : www.security-net.biz
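
The reflected-input flaw described under Vulnerability, shown beside an output-encoded form. This is an added example, not code from sNews or from the advisory author; the function names and the sample request are assumptions, and it does not reproduce what cleanXSS() does.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: read the parameter and reject non-string input
// (PHP turns "search_query[]=x" into an array).
function read_search_query(array $params): string
{
    $value = $params['search_query'] ?? '';
    return is_string($value) ? $value : '';
}

// Encode for HTML at output time. ENT_QUOTES covers both quote styles, so
// the result is safe in element content and in a quoted attribute value.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern: the request value is concatenated into HTML unchanged.
function render_search_unsafe(string $query): string
{
    return '<h2>Results for ' . $query . '</h2>'
         . '<input type="text" name="search_query" value="' . $query . '">';
}

// Hardened pattern: every reflection of the value goes through html_escape().
function render_search_safe(string $query): string
{
    $q = html_escape($query);
    return '<h2>Results for ' . $q . '</h2>'
         . '<input type="text" name="search_query" value="' . $q . '">';
}

// Constructed sample request: harmless markup plus a quote that would
// close the value="" attribute if reflected unencoded.
$request = ['search_query' => '"><i>marker</i>'];
$query   = read_search_query($request);

echo "unsafe: ", render_search_unsafe($query), "\n";
echo "safe:   ", render_search_safe($query), "\n";

// Regression check: no raw tag from the input survives in the safe output.
if (strpos(render_search_safe($query), '<i>') !== false) {
    throw new RuntimeException('search_query was reflected without encoding');
}
```

Running the script with the PHP CLI prints both renderings, which makes the difference visible: the unsafe line contains a live `<i>` element and a broken attribute, the safe line contains only entities.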