CVE-2020-25474

SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Scripting XSS vulnerability via the editorname parameter...

Sql injection

SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injection via the id parameter in an editNews action...

Cross site request forgery (csrf)

SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Request Forgery CSRF vulnerability, which allows attackers to add new users...

Session fixation

SimplePHPscripts News Script PHP Pro 2.3 does not properly set the HttpOnly Flag from Session Cookies...

Cross site scripting

SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Scripting XSS vulnerability via the editorname parameter...

CVE-2020-25475

SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injection via the id parameter in an editNews action. The linked documents confirm an SQL injection vulnerability in this product/version, caused by unsafely handling the id input in the editNews workflow. The CVE notes a SQL injection...

CVE-2020-25475

SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injection via the id parameter in an editNews action...

CVE-2020-25474

SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Scripting XSS vulnerability via the editorname parameter...

CVE-2020-25474

CVE-2020-25474 affects SimplePHPscripts News Script PHP Pro 2.3. The connected sources describe a Cross-Site Scripting (XSS) vulnerability exploitable via the editor_name parameter. Affected component is the News Script PHP Pro 2.3 software; no root cause details are provided beyond the XSS via e...

CVE-2020-25473

SimplePHPscripts News Script PHP Pro 2.3 does not properly set the HttpOnly Flag from Session Cookies...

CVE-2020-25473

CVE-2020-25473 affects SimplePHPscripts News Script PHP Pro 2.3. The root cause is that HttpOnly is not set on session cookies, potentially exposing session data to client-side access. The NVD notes a network attack vector with low complexity and no authentication required, leading to partial con...

CVE-2020-25472

The CVE-2020-25472 entry concerns SimplePHPscripts News Script PHP Pro 2.3, which is reported to be vulnerable to Cross Site Request Forgery (CSRF) allowing attackers to add new users. The connected sources consistently identify CSRF as the issue and tie it to News Script PHP Pro 2.3, with no add...

CVE-2020-25472

SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Request Forgery CSRF vulnerability, which allows attackers to add new users...

Simplephpscripts News Script PHP Pro Security Vulnerability

Simplephpscripts Simplephpscripts News Script PHP Pro is a Php Mysql based news distribution system by Simplephpscripts Bulgaria. A security vulnerability exists in SimplePHPscripts News Script PHP Pro version 2.3 that stems from not properly setting the HttpOnly flag from the session cookie...