CuteNews version 1.3.x suffers from an HTML injection flaw in the commentary section.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/33818/advisory-11.txt
Source: https://packetstormsecurity.com/files/33818/advisory-11.txt.html