Vulnerabilities > Dotnetindex > Active News Manager

DATE CVE VULNERABILITY TITLE RISK
2006-11-24 CVE-2006-6096 Cross-Site Scripting vulnerability in Dotnetindex Active News Manager
Cross-site scripting (XSS) vulnerability in activenews_search.asp in ActiveNews Manager allows remote attackers to inject arbitrary web script or HTML via the query parameter. 		4.3
4.3
2006-11-24 CVE-2006-6095 SQL Injection vulnerability in Dotnetindex Active News Manager
Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) articleID parameter to activenews_view.asp or the (2) page parameter to default.asp.
network
low complexity
dotnetindex CWE-89
7.5
7.5