CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

One-News: Security Vulnerabilities

CVE-2008-7060

Multiple cross-site scripting (XSS) vulnerabilities in One-News Beta 2 allow remote attackers to inject arbitrary HTML and web script via the (1) title or (2) content parameters in a news item to add.php, and the (3) itemnum, (4) author, or (5) comment parameters in a comment to index.php. NOTE: vectors 1 and 2 require user authentication.

CVSS Score

4.3

EPSS Score

0.002

Published

2009-08-24

Page 1

Vulnerabilities

Vulnerable Software

One-News: Security Vulnerabilities

Products

Pricing

Contact Us