2 matches found
CVE-2007-4874
SimpNews 2.41.03 contains multiple XSS vulnerabilities allowing remote attackers to inject scripts via l_username (admin/layout2b.php) and backurl (comment.php). Underlying issue is cross-site scripting in input handling. The impact is to execute arbitrary script in user context (no data exfiltra...
simpnews24103-xss.txt
netVigilance Security Advisory 70 SimpNews version 2.41.03 Multiple XSS Attack Vulnerabilities Description: SimpNews is a news system written in PHP. Features: Data stored in MySQL, admin interface, support for multiple languages, support for multiple instances in one database, own header, multip...