33 matches found
CVE-2019-25668
News Website Script 2.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the news ID parameter. Attackers can send GET requests to index.php/show/news/ with malicious SQL statements to extract sensitive...
CVE-2019-25668 News Website Script 2.0.5 SQL Injection via index.php
News Website Script 2.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the news ID parameter. Attackers can send GET requests to index.php/show/news/ with malicious SQL statements to extract sensitive...
CVE-2019-25668
CVE-2019-25668 affects News Website Script 2.0.5. The vulnerability is an SQL injection in the news ID parameter, exploitable via GET requests to index.php/show/news/. Unauthenticated attackers can manipulate queries and potentially extract sensitive data. Metrics indicate high impact on confiden...
CVE-2019-25668
News Website Script 2.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the news ID parameter. Attackers can send GET requests to index.php/show/news/ with malicious SQL statements to extract sensitive...
News Website Script SQL注入漏洞
News Website Script is a website-building system script from the PHP Scripts Mall community. Version 2.0.5 of News Website Script contains an SQL injection vulnerability. This vulnerability stems from the SQL injection in the news ID parameter, which could allow unverified attackers to manipulate...
EUVD-2018-18672
Malware in sbrugna...
EUVD-2025-21731
Malicious code in bioql PyPI...
EUVD-2025-21541
Malicious code in bioql PyPI...
CVE-2025-55301 The Scratch Channel Allows Username Modification
The Scratch Channel is a news website. In version 1, it is possible to go to application in devtools and click local storage to edit the account's username locally. This issue has been patched in version 1.1...
CVE-2025-53904
The Scratch Channel is a news website that is under development as of time of this writing. The file /api/admin.js contains code that could make the website vulnerable to cross-site scripting. No known patches exist as of time of publication...
CVE-2025-53903
The Scratch Channel is a news website that is under development as of time of this writing. The file /api/users.js doesn't properly sanitize text box inputs, leading to a potential vulnerability to cross-site scripting attacks. Commit 90b39eb56b27b2bac29001abb1a3cac0964b8ddb addresses this issue...
CVE-2025-53903
The Scratch Channel is a news website that is under development as of time of this writing. The file /api/users.js doesn't properly sanitize text box inputs, leading to a potential vulnerability to cross-site scripting attacks. Commit 90b39eb56b27b2bac29001abb1a3cac0964b8ddb addresses this issue...
CVE-2025-53903
CVE-2025-53903 affects The Scratch Channel’s web application, with a cross-site scripting (XSS) vulnerability stemming from unsanitized input in /api/users.js. The issue is addressed by commit 90b39eb56b27b2bac29001abb1a3cac0964b8ddb. Public documents describe the vulnerability and fix; exploitat...
CVE-2025-53903 The Scratch Channel Has Potential Cross-Site Scripting (XSS) Vulnerability
The Scratch Channel is a news website that is under development as of time of this writing. The file /api/users.js doesn't properly sanitize text box inputs, leading to a potential vulnerability to cross-site scripting attacks. Commit 90b39eb56b27b2bac29001abb1a3cac0964b8ddb addresses this issue...
psoriasis-news.de Improper Access Control vulnerability OBB-3820177
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
news.streckenflug.at Cross Site Scripting vulnerability OBB-3433429
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
news.medill.northwestern.edu Cross Site Scripting vulnerability OBB-2699261
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
we-news.net Cross Site Scripting vulnerability OBB-2448204
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
diabetes-news.de Improper Access Control vulnerability
Open Bug Bounty ID: OBB-1043828 Security Researcher MAS00712 Helped patch 230 vulnerabilities Received 4 Coordinated Disclosure badges Received 9 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting diabetes-news.de website an...
News Website Script 2.0.5 - SQL Injection
News Website Script 2.0.5 - SQL Injection Exploit Title: News Website Script 2.0.5 - SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 22, 2019 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link :...