RSS   Vulnerabilities for 'Easynews'   RSS

2007-06-21
 
CVE-2007-3331

 

 
Cross-site request forgery (CSRF) vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to change the admin password via (1) a certain HTML form that is posted automatically by JavaScript or (2) a news post.

 
 
CVE-2007-3330

 

 
Cross-site scripting (XSS) vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to inject arbitrary web script or HTML via a news post, which is stored in news/ without sanitization.

 
2006-12-31
 
CVE-2006-6866

 

 
STphp EasyNews PRO 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, email addresses, and password hashes via a direct request for data/users.txt.

 


Copyright 2024, cxsecurity.com

 

Back to Top