Lucene search
K

20 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 1:43 a.m.7 views

CVE-2010-5065

popup.php in Virtual War aka VWar 1.6.1 R2 allows remote attackers to bypass intended member restrictions and read news posts via a modified newsid parameter in a printnews action...

5CVSS7AI score0.01374EPSS
Exploits1References1
Circl
Circl
added 2025/05/12 5:0 p.m.68 views

CVE-2025-23395

creationtimestamp| type| source ---|---|--- 2025-05-12 17:00:00+00:00| seen| https://security.opensuse.org/2025/05/12/screen-security-issues.html3b-tty-hijacking-while-attaching-to-a-multi-user-session-cve-2025-46802 2025-05-12 17:24:36+00:00| seen|...

7.8CVSS6.9AI score0.00201EPSS
Exploits0References8
Circl
Circl
added 2024/12/17 11:0 a.m.9 views

CVE-2024-12373

creationtimestamp| type| source ---|---|--- 2024-12-17 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-24-352-03 2024-12-18 17:52:43+00:00| seen| https://t.me/cvedetector/13210 2024-12-20 14:17:25+00:00| seen| https://bsky.app/profile/hackingne.ws/post/3ldqlb62lf62g...

9.3CVSS8.9AI score0.00507EPSS
Exploits0References3
NVD
NVD
added 2024/12/16 3:15 p.m.12 views

CVE-2024-56012

Cross-Site Request Forgery CSRF vulnerability in lizeipe Flash News / Post Responsive flashnews-fading-effect-pearlbells allows Privilege Escalation.This issue affects Flash News / Post Responsive: from n/a through = 4.1...

9.8CVSS0.00346EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/16 12:0 a.m.4 views

WordPress plugin Flash News / Post (Responsive) 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...

9.8CVSS8.5AI score0.00346EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/12/14 9:29 p.m.5 views

WordPress Flash News / Post (Responsive) plugin <= 4.1 - CSRF to Privilege Escalation vulnerability

CSRF to Privilege Escalation vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Flash News / Post Responsive versions = 4.1...

9.8CVSS7AI score0.00346EPSS
Exploits0Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 6:21 a.m.4 views

SUSE CVE-2003-0855

Pan 0.13.3 and earlier allows remote attackers to cause a denial of service crash via a news post with a long author email address...

7.8CVSS6.8AI score0.02066EPSS
Exploits1References3
Openbugbounty
Openbugbounty
added 2017/10/01 2:23 a.m.13 views

starearlycollege.org XSS vulnerability

Vulnerable URL: http://starearlycollege.org/apps/news/shownews.jsp?RECID=426987=0=News Post CIA Internship - High School Seniors Scholarship Program - STAR Early College School Details: Description| Value ---|--- Patched:| Yes, at 15.10.2017 Latest check for patch:| 15.10.2017 22:31 GMT...

6.2AI score
Exploits0
CVE
CVE
added 2012/10/08 10:0 a.m.46 views

CVE-2010-5065

The CVE-2010-5065 entry concerns Virtual War (aka VWar) version 1.6.1 R2. A vulnerability in popup.php allows remote attackers to bypass intended member restrictions and read news posts by manipulating the newsid parameter in a printnews action. The issue enables unauthorized access to restricted...

5CVSS6.8AI score0.01374EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2007/11/05 7:46 p.m.14 views

CVE-2007-5834

Cross-site scripting XSS vulnerability in BosDev BosNews 4 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element in a news post...

4.3CVSS5.6AI score0.01022EPSS
Exploits0References3
NVD
NVD
added 2007/06/21 6:30 p.m.15 views

CVE-2007-3330

Cross-site scripting XSS vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to inject arbitrary web script or HTML via a news post, which is stored in news/ without sanitization...

4.3CVSS5.5AI score0.0106EPSS
Exploits0References5
Prion
Prion
added 2007/06/21 6:30 p.m.17 views

Cross site scripting

Cross-site scripting XSS vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to inject arbitrary web script or HTML via a news post, which is stored in news/ without sanitization...

4.3CVSS5.9AI score0.0106EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2007/06/21 6:30 p.m.16 views

CVE-2007-3331

Cross-site request forgery CSRF vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to change the admin password via 1 a certain HTML form that is posted automatically by JavaScript or 2 a news post...

5CVSS6.8AI score0.0118EPSS
Exploits0References4
Cvelist
Cvelist
added 2007/06/21 6:0 p.m.24 views

CVE-2007-3330

Cross-site scripting XSS vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to inject arbitrary web script or HTML via a news post, which is stored in news/ without sanitization...

5.5AI score0.0106EPSS
Exploits0References5
NVD
NVD
added 2005/06/29 4:0 a.m.15 views

CVE-2005-2074

Cross-site scripting XSS vulnerability in PHP-Fusion 6.0.105 allows remote attackers to inject arbitrary web script or HTML via a news or article post, possibly involving the 1 newsbody, 2 articledescription, or 3 articlebody parameters to submit.php...

4.3CVSS5.7AI score0.01177EPSS
Exploits0References4
NVD
NVD
added 2003/11/03 5:0 a.m.17 views

CVE-2003-0855

Pan 0.13.3 and earlier allows remote attackers to cause a denial of service crash via a news post with a long author email address...

7.8CVSS6.5AI score0.02066EPSS
Exploits1References5
CVE
CVE
added 2003/10/30 5:0 a.m.45 views

CVE-2003-0855

Pan (GNOME/GTK+ newsreader) 0.13.3 and earlier is affected by CVE-2003-0855: parsing an article header with a very long author email can cause a remote denial of service (crash). The issue is addressed in Pan 0.13.4 and later; advisories (e.g., RHSA-2003:312) recommend upgrading to patched packag...

7.8CVSS6.6AI score0.02066EPSS
Exploits1References5Affected Software1
exploitpack
exploitpack
added 2002/09/25 12:0 a.m.17 views

Drupal 4.0 - News Message HTML Injection

Drupal 4.0 - News Message HTML Injection source: https://www.securityfocus.com/bid/5801/info Problems with Drupal could allow an attacker to execute arbitrary script code in a vulnerable client. Drupal fails to sufficiently filter potentially malicious HTML code from news posts. As a result, when...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2002/09/25 12:0 a.m.32 views

DaCode 1.2 - News Message HTML Injection

source: https://www.securityfocus.com/bid/5798/info Problems with DaCode could make it possible to execute arbitrary script code in a vulnerable client. DaCode does not sufficiently filter potentially malicious HTML code from news posts. As a result, when a user views a news posting that contains...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2002/09/25 12:0 a.m.32 views

phpWebSite 0.8.3 - News Message HTML Injection

source: https://www.securityfocus.com/bid/5802/info Problems with phpWebSite could make it possible to execute arbitrary script code in a vulnerable client. phpWebSite does not sufficiently filter potentially malicious HTML code from news posts. As a result, when a user views a news posting that...

7.4AI score
Exploits0
Rows per page
Query Builder