143 matches found
Cross site scripting
A vulnerability classified as problematic has been found in SimplePHPscripts News Script PHP Pro 2.4. This affects an unknown part of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The...
CVE-2023-3537 SimplePHPscripts News Script PHP Pro URL Parameter preview.php cross site scripting
A vulnerability classified as problematic has been found in SimplePHPscripts News Script PHP Pro 2.4. This affects an unknown part of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The...
CVE-2023-3537
Affected product: SimplePHPscripts News Script PHP Pro 2.4. Vulnerable component: the URL Parameter Handler in the file /preview.php. Issue: Cross-site scripting (XSS), reported to be exploitable remotely via manipulation of URL parameters. No exploitation status is provided in the sources. Re...
PT-2023-25208 · Unknown · Simplephpscripts News Script Php Pro
Name of the Vulnerable Software and Affected Versions: SimplePHPscripts News Script PHP Pro version 2.4. Description: A problematic vulnerability has been found in the URL Parameter Handler component of the /preview.php file, leading to cross-site scripting. The attack can be initiated remotely...
News Script PHP Pro Cross-Site Scripting Vulnerability
News Script PHP Pro is a PHP/MySQL based web script from Simple PHP Scripts for displaying news on your website. A cross-site scripting vulnerability exists in News Script PHP Pro 2.3. The vulnerability can be exploited to conduct cross-site scripting attacks via the editorname parameter...
CVE-2020-25475
SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injection via the id parameter in an editNews action...
CVE-2020-25473
SimplePHPscripts News Script PHP Pro 2.3 does not properly set the HttpOnly Flag from Session Cookies...
Session fixation
SimplePHPscripts News Script PHP Pro 2.3 does not properly set the HttpOnly Flag from Session Cookies...
Cross site request forgery (CSRF)
SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Request Forgery CSRF vulnerability, which allows attackers to add new users...
SQL injection
SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injection via the id parameter in an editNews action...
CVE-2020-25475
SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injection via the id parameter in an editNews action. The linked documents confirm an SQL injection vulnerability in this product/version, caused by unsafely handling the id input in the editNews workflow. The CVE notes a SQL injection...
CVE-2020-25474
CVE-2020-25474 affects SimplePHPscripts News Script PHP Pro 2.3. The connected sources describe a Cross-Site Scripting (XSS) vulnerability exploitable via the editor_name parameter. Affected component is the News Script PHP Pro 2.3 software; no root cause details are provided beyond the XSS via e...
CVE-2020-25474
SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Scripting XSS vulnerability via the editorname parameter...
CVE-2020-25473
SimplePHPscripts News Script PHP Pro 2.3 does not properly set the HttpOnly Flag from Session Cookies...
CVE-2020-25472
The CVE-2020-25472 entry concerns SimplePHPscripts News Script PHP Pro 2.3, which is reported to be vulnerable to Cross Site Request Forgery (CSRF) allowing attackers to add new users. The connected sources consistently identify CSRF as the issue and tie it to News Script PHP Pro 2.3, with no add...
PHP Pro Bid 5.2.4 viewfeedback.php Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/19158/info PHP Pro Bid is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because the application fails to properly sanitize user-supplied input. A successful...
PHP Pro Bid 5.2.4 auctionsearch.php advsrc Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/19158/info PHP Pro Bid is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because the application fails to properly sanitize user-supplied input. A successful...
DeltaScripts PHP Pro Publish 2.0 - Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/18243/info PHP Pro Publish is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to...
PHP Pro Bid 5.2.4/6.04 Multiple SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/31263/info PHP Pro Bid is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to...
All Enthusiast PhotoPost PHP Pro 5.0 adm-photo.php Arbitrary Image Manipulation
No description provided by source. source: http://www.securityfocus.com/bid/12779/info PhotoPost PHP Pro is a web-based image gallery application written in PHP. It can be implemented on any platform that supports PHP script execution. Multiple remote vulnerabilities affect All Enthusiast PhotoPo...