Lucene search
K

33 matches found

NVD
NVD
added 2026/04/05 9:16 p.m.5 views

CVE-2019-25668

News Website Script 2.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the news ID parameter. Attackers can send GET requests to index.php/show/news/ with malicious SQL statements to extract sensitive...

8.8CVSS0.004EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/05 8:45 p.m.2 views

CVE-2019-25668 News Website Script 2.0.5 SQL Injection via index.php

News Website Script 2.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the news ID parameter. Attackers can send GET requests to index.php/show/news/ with malicious SQL statements to extract sensitive...

8.8CVSS6AI score0.004EPSS
Exploits1References3
CVE
CVE
added 2026/04/05 8:45 p.m.8 views

CVE-2019-25668

CVE-2019-25668 affects News Website Script 2.0.5. The vulnerability is an SQL injection in the news ID parameter, exploitable via GET requests to index.php/show/news/. Unauthenticated attackers can manipulate queries and potentially extract sensitive data. Metrics indicate high impact on confiden...

8.8CVSS6AI score0.004EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/05 8:45 p.m.5 views

CVE-2019-25668

News Website Script 2.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the news ID parameter. Attackers can send GET requests to index.php/show/news/ with malicious SQL statements to extract sensitive...

8.8CVSS6AI score0.004EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/04/05 12:0 a.m.9 views

News Website Script SQL注入漏洞

News Website Script is a website-building system script from the PHP Scripts Mall community. Version 2.0.5 of News Website Script contains an SQL injection vulnerability. This vulnerability stems from the SQL injection in the news ID parameter, which could allow unverified attackers to manipulate...

8.8CVSS5.9AI score0.004EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2018-18672

Malware in sbrugna...

9.8CVSS9.5AI score0.0172EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.12 views

EUVD-2025-21731

Malicious code in bioql PyPI...

5.3CVSS6.6AI score0.00327EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.15 views

EUVD-2025-21541

Malicious code in bioql PyPI...

5.3CVSS6.6AI score0.00327EPSS
Exploits0References2
OSV
OSV
added 2025/08/25 3:38 p.m.4 views

CVE-2025-55301 The Scratch Channel Allows Username Modification

The Scratch Channel is a news website. In version 1, it is possible to go to application in devtools and click local storage to edit the account's username locally. This issue has been patched in version 1.1...

6.7CVSS6.6AI score0.00159EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/07/18 5:58 p.m.11 views

CVE-2025-53904

The Scratch Channel is a news website that is under development as of time of this writing. The file /api/admin.js contains code that could make the website vulnerable to cross-site scripting. No known patches exist as of time of publication...

5.3CVSS6.3AI score0.00327EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/17 6:55 p.m.13 views

CVE-2025-53903

The Scratch Channel is a news website that is under development as of time of this writing. The file /api/users.js doesn't properly sanitize text box inputs, leading to a potential vulnerability to cross-site scripting attacks. Commit 90b39eb56b27b2bac29001abb1a3cac0964b8ddb addresses this issue...

5.3CVSS5.8AI score0.00327EPSS
Exploits0References1
NVD
NVD
added 2025/07/15 7:15 p.m.29 views

CVE-2025-53903

The Scratch Channel is a news website that is under development as of time of this writing. The file /api/users.js doesn't properly sanitize text box inputs, leading to a potential vulnerability to cross-site scripting attacks. Commit 90b39eb56b27b2bac29001abb1a3cac0964b8ddb addresses this issue...

5.3CVSS0.00327EPSS
Exploits0References2
CVE
CVE
added 2025/07/15 6:22 p.m.26 views

CVE-2025-53903

CVE-2025-53903 affects The Scratch Channel’s web application, with a cross-site scripting (XSS) vulnerability stemming from unsanitized input in /api/users.js. The issue is addressed by commit 90b39eb56b27b2bac29001abb1a3cac0964b8ddb. Public documents describe the vulnerability and fix; exploitat...

5.3CVSS5.9AI score0.00327EPSS
Exploits0References2
OSV
OSV
added 2025/07/15 6:22 p.m.5 views

CVE-2025-53903 The Scratch Channel Has Potential Cross-Site Scripting (XSS) Vulnerability

The Scratch Channel is a news website that is under development as of time of this writing. The file /api/users.js doesn't properly sanitize text box inputs, leading to a potential vulnerability to cross-site scripting attacks. Commit 90b39eb56b27b2bac29001abb1a3cac0964b8ddb addresses this issue...

5.3CVSS6.2AI score0.00327EPSS
Exploits0References4
Openbugbounty
Openbugbounty
added 2023/12/22 6:46 p.m.10 views

psoriasis-news.de Improper Access Control vulnerability OBB-3820177

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/06/15 11:40 a.m.12 views

news.streckenflug.at Cross Site Scripting vulnerability OBB-3433429

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
Openbugbounty
Openbugbounty
added 2022/06/29 9:49 p.m.27 views

news.medill.northwestern.edu Cross Site Scripting vulnerability OBB-2699261

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2022/03/26 2:27 a.m.11 views

we-news.net Cross Site Scripting vulnerability OBB-2448204

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits0
Openbugbounty
Openbugbounty
added 2019/12/19 7:9 p.m.14 views

diabetes-news.de Improper Access Control vulnerability

Open Bug Bounty ID: OBB-1043828 Security Researcher MAS00712 Helped patch 230 vulnerabilities Received 4 Coordinated Disclosure badges Received 9 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting diabetes-news.de website an...

0.1AI score
Exploits0
exploitpack
exploitpack
added 2019/02/25 12:0 a.m.15 views

News Website Script 2.0.5 - SQL Injection

News Website Script 2.0.5 - SQL Injection Exploit Title: News Website Script 2.0.5 - SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 22, 2019 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link :...

8.6AI score
Exploits0
Rows per page
Query Builder