CVE-2020-25474

CVE-2020-25474 affects SimplePHPscripts News Script PHP Pro 2.3. The connected sources describe a Cross-Site Scripting (XSS) vulnerability exploitable via the editor_name parameter. Affected component is the News Script PHP Pro 2.3 software; no root cause details are provided beyond the XSS via e...

CVE-2020-25475

SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injection via the id parameter in an editNews action. The linked documents confirm an SQL injection vulnerability in this product/version, caused by unsafely handling the id input in the editNews workflow. The CVE notes a SQL injection...

CVE-2020-25473

CVE-2020-25473 affects SimplePHPscripts News Script PHP Pro 2.3. The root cause is that HttpOnly is not set on session cookies, potentially exposing session data to client-side access. The NVD notes a network attack vector with low complexity and no authentication required, leading to partial con...

CVE-2020-25472

The CVE-2020-25472 entry concerns SimplePHPscripts News Script PHP Pro 2.3, which is reported to be vulnerable to Cross Site Request Forgery (CSRF) allowing attackers to add new users. The connected sources consistently identify CSRF as the issue and tie it to News Script PHP Pro 2.3, with no add...