Cross-site scripting (XSS) vulnerability in the comments action in index.php in easyNews 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the zeit parameter.Referenceshttp://archives.neohapsis.com/archives/bugtraq/2001-12/0000.htmlhttp://www.iss.net/security_center/static/7658.php
