Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
a-news vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2018-15677
The newsfeed (aka /index.php?page=viewnews) in BTITeam XBTIT 2.5.4 has stored XSS via the title of a news item. This is also exploitable via CSRF.
Btiteam Xbtit 2.5.4
755
VMScore
CVE-2010-1713
SQL injection vulnerability in modules.php in PostNuke 0.764 allows remote malicious users to execute arbitrary SQL commands via the sid parameter in a News article modload action.
Postnuke Postnuke 0.764
1 EDB exploit
383
VMScore
CVE-2020-10494
CSRF in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows malicious users to edit a news article, given the id, via a crafted request.
Chadhaajay Phpkb 9.0
383
VMScore
CVE-2007-5834
Cross-site scripting (XSS) vulnerability in BosDev BosNews 4 allows remote malicious users to inject arbitrary web script or HTML via a SCRIPT element in a news post.
Bosdev Bosnews 4
755
VMScore
CVE-2010-1994
SQL injection vulnerability in index.php in TomatoCMS prior to 2.0.5 allows remote malicious users to execute arbitrary SQL commands via the q parameter in conjunction with a /news/search PATH_INFO.
Tomatocms Tomatocms
Tomatocms Tomatocms 2.0.3.1622
Tomatocms Tomatocms 2.0.3.1430
Tomatocms Tomatocms 2.0.3
Tomatocms Tomatocms 2.0.2
Tomatocms Tomatocms 2.0.1
Tomatocms Tomatocms 2.0.0
1 EDB exploit
383
VMScore
CVE-2007-3330
Cross-site scripting (XSS) vulnerability in STphp EasyNews PRO 4.0 allows remote malicious users to inject arbitrary web script or HTML via a news post, which is stored in news/ without sanitization.
Stphp Easynews 4.0
516
VMScore
CVE-2008-4698
Opera prior to 9.61 does not properly block scripts during preview of a news feed, which allows remote malicious users to create arbitrary new feed subscriptions and read the contents of arbitrary feeds.
Opera Opera Browser 9.20
Opera Opera Browser 9.12
Opera Opera Browser 9.22
Opera Opera Browser 9.21
Opera Opera Browser 8.54
Opera Opera Browser 8.53
Opera Opera Browser 7.54
Opera Opera Browser 7.53
Opera Opera Browser 9.26
Opera Opera Browser 9.27
Opera Opera Browser 8.0
Opera Opera Browser 7.22
Opera Opera Browser 7.50
Opera Opera Browser 7.01
Opera Opera Browser 7.02
Opera Opera Browser 6.0
Opera Opera Browser 6.1
Opera Opera Browser 5.0
Opera Opera Browser 5.02
Opera Opera Browser 9.51
Opera Opera Browser 9.52
Opera Opera Browser 9.01
755
VMScore
CVE-2007-6556
Multiple SQL injection vulnerabilities in websihirbazi 5.1.1 allow remote malicious users to execute arbitrary SQL commands via (1) the id parameter to default.asp in a news page action or (2) the pageid parameter to default.asp.
Websihirbazi Websihirbazi 5.1.1
1 EDB exploit
890
VMScore
CVE-2008-3252
Stack-based buffer overflow in the read_article function in getarticle.c in newsx 1.6 allows remote malicious users to execute arbitrary code via a news article containing a large number of lines starting with a period.
Fedora Newsx 1.6
445
VMScore
CVE-2007-3331
Cross-site request forgery (CSRF) vulnerability in STphp EasyNews PRO 4.0 allows remote malicious users to change the admin password via (1) a certain HTML form that is posted automatically by JavaScript or (2) a news post.
Stphp Easynews 4.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »