Vulnerability Details CVE-2008-4349
Multiple cross-site scripting (XSS) vulnerabilities in news.php in s0nic Paranews 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) page parameter in a details action.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.021
EPSS Ranking 83.7%
CVSS Severity
CVSS v2 Score 4.3
References
- http://packetstorm.linuxsecurity.com/0809-exploits/paranews-xss.txt
- http://secunia.com/advisories/31786
- http://www.securityfocus.com/bid/31152
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45101
- http://packetstorm.linuxsecurity.com/0809-exploits/paranews-xss.txt
- http://secunia.com/advisories/31786
- http://www.securityfocus.com/bid/31152
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45101