CVE-2007-3129

CVE-2007-3129 concerns an XSS vulnerability in Utopia News Pro 1.4.0, specifically in login.php where the password parameter can be exploited to inject script/HTML. The vulnerability is described across multiple sources (NVD, CVE records, and Full-Disclosure material), with exploitation details i...

CVE-2005-4223

Utopia News Pro (UNP) 1.1.4 is affected by multiple potential SQL injection vulnerabilities that could allow an attacker to run arbitrary SQL commands remotely. The issues are reported in specific input parameters across several PHP scripts: newsid in editnews.php, catid and question in faq.php, ...

CVE-2005-3200

Utopia News Pro (UNP) versions 1.1.3 and 1.1.4 are affected by multiple XSS vulnerabilities. The issue allows remote attackers to inject arbitrary web script or HTML via: (1) sitetitle parameter in header.php and (2) version and (3) query_count parameters in footer.php. The documents do not speci...