Vulnerabilities for News script php pro (...) - CXSECURITY.COM

Vulnerabilities for 'News script php pro'

2020-11-24

CVE-2020-25475

CWE-89

SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injection via the id parameter in an editNews action.

CVE-2020-25474

CWE-79

SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Scripting (XSS) vulnerability via the editor_name parameter.

CVE-2020-25473

NVD-CWE-Other

SimplePHPscripts News Script PHP Pro 2.3 does not properly set the HttpOnly Flag from Session Cookies.

CVE-2020-25472

CWE-352

SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Request Forgery (CSRF) vulnerability, which allows attackers to add new users.

Copyright 2024, cxsecurity.com