Lucene search
K

143 matches found

Prion
Prion
added 2023/07/07 2:15 p.m.23 views

Cross site scripting

A vulnerability classified as problematic has been found in SimplePHPscripts News Script PHP Pro 2.4. This affects an unknown part of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The...

4CVSS6.1AI score0.00312EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/07/07 1:31 p.m.31 views

CVE-2023-3537 SimplePHPscripts News Script PHP Pro URL Parameter preview.php cross site scripting

A vulnerability classified as problematic has been found in SimplePHPscripts News Script PHP Pro 2.4. This affects an unknown part of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The...

4CVSS6.3AI score0.00312EPSS
Exploits0References2
CVE
CVE
added 2023/07/07 1:31 p.m.41 views

CVE-2023-3537

Affected product: SimplePHPscripts News Script PHP Pro 2.4 . Vulnerable component: the URL Parameter Handler in the file /preview.php . Issue: Cross-site scripting (XSS) , reported to be exploitable remotely via manipulation of URL parameters. No exploitation status is provided in the sources. Re...

6.1CVSS4.9AI score0.00312EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/07/07 12:0 a.m.4 views

PT-2023-25208 · Unknown · Simplephpscripts News Script Php Pro

Name of the Vulnerable Software and Affected Versions: SimplePHPscripts News Script PHP Pro version 2.4 Description: A problematic vulnerability has been found in the URL Parameter Handler component of the /preview.php file, leading to cross-site scripting. The attack can be initiated remotely...

6.1CVSS6.7AI score0.00312EPSS
Exploits0References6
CNVD
CNVD
added 2020/11/25 12:0 a.m.4 views

News Script PHP Pro Cross-Site Scripting Vulnerability

News Script PHP Pro is a PHP/MySQL based web script from Simple PHP Scripts for displaying news on your website. A cross-site scripting vulnerability exists in News Script PHP Pro 2.3. The vulnerability can be exploited to conduct cross-site scripting attacks via the editorname parameter...

6.1CVSS6.4AI score0.00859EPSS
Exploits0References1
OSV
OSV
added 2020/11/24 3:15 p.m.4 views

CVE-2020-25475

SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injection via the id parameter in an editNews action...

9.8CVSS7.4AI score0.01052EPSS
Exploits0References2
NVD
NVD
added 2020/11/24 3:15 p.m.29 views

CVE-2020-25473

SimplePHPscripts News Script PHP Pro 2.3 does not properly set the HttpOnly Flag from Session Cookies...

6.5CVSS6.6AI score0.00904EPSS
Exploits0References3
Prion
Prion
added 2020/11/24 3:15 p.m.22 views

Session fixation

SimplePHPscripts News Script PHP Pro 2.3 does not properly set the HttpOnly Flag from Session Cookies...

6.4CVSS6.6AI score0.00904EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2020/11/24 3:15 p.m.14 views

Cross site request forgery (csrf)

SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Request Forgery CSRF vulnerability, which allows attackers to add new users...

4.3CVSS6.6AI score0.00513EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2020/11/24 3:15 p.m.20 views

Sql injection

SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injection via the id parameter in an editNews action...

7.5CVSS9.8AI score0.01052EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/11/24 2:49 p.m.46 views

CVE-2020-25475

SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injection via the id parameter in an editNews action. The linked documents confirm an SQL injection vulnerability in this product/version, caused by unsafely handling the id input in the editNews workflow. The CVE notes a SQL injection...

9.8CVSS9.8AI score0.01052EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/11/24 2:48 p.m.49 views

CVE-2020-25474

CVE-2020-25474 affects SimplePHPscripts News Script PHP Pro 2.3. The connected sources describe a Cross-Site Scripting (XSS) vulnerability exploitable via the editor_name parameter. Affected component is the News Script PHP Pro 2.3 software; no root cause details are provided beyond the XSS via e...

6.1CVSS6AI score0.00859EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2020/11/24 2:48 p.m.38 views

CVE-2020-25474

SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Scripting XSS vulnerability via the editorname parameter...

6.1AI score0.00859EPSS
Exploits0References3
Cvelist
Cvelist
added 2020/11/24 2:29 p.m.36 views

CVE-2020-25473

SimplePHPscripts News Script PHP Pro 2.3 does not properly set the HttpOnly Flag from Session Cookies...

6.6AI score0.00904EPSS
Exploits0References3
CVE
CVE
added 2020/11/24 2:28 p.m.40 views

CVE-2020-25472

The CVE-2020-25472 entry concerns SimplePHPscripts News Script PHP Pro 2.3, which is reported to be vulnerable to Cross Site Request Forgery (CSRF) allowing attackers to add new users. The connected sources consistently identify CSRF as the issue and tie it to News Script PHP Pro 2.3, with no add...

6.5CVSS6.6AI score0.00513EPSS
Exploits0References3Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.9 views

PHP Pro Bid 5.2.4 viewfeedback.php Multiple Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/19158/info PHP Pro Bid is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because the application fails to properly sanitize user-supplied input. A successful...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.19 views

PHP Pro Bid 5.2.4 auctionsearch.php advsrc Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/19158/info PHP Pro Bid is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because the application fails to properly sanitize user-supplied input. A successful...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.11 views

DeltaScripts PHP Pro Publish 2.0 - Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/18243/info PHP Pro Publish is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.9 views

PHP Pro Bid 5.2.4/6.04 Multiple SQL Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/31263/info PHP Pro Bid is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.25 views

All Enthusiast PhotoPost PHP Pro 5.0 adm-photo.php Arbitrary Image Manipulation

No description provided by source. source: http://www.securityfocus.com/bid/12779/info PhotoPost PHP Pro is a web-based image gallery application written in PHP. It can be implemented on any platform that supports PHP script execution. Multiple remote vulnerabilities affect All Enthusiast PhotoPo...

7.1AI score
Exploits0
Rows per page
Query Builder