Cross-site scripting (XSS) vulnerability in hb.cgi in Nishishi Factory Fumy News Clipper 2.x before 2.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
http://www.nishishi.com/cgi/newsclip/20150130.html
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000010