Newsscriptphp: >> News Script Php Pro >> 2.3 Security Vulnerabilities
SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Request Forgery (CSRF) vulnerability, which allows attackers to add new users.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-11-24
SimplePHPscripts News Script PHP Pro 2.3 does not properly set the HttpOnly Flag from Session Cookies.
CVSS Score
6.5
EPSS Score
0.004
Published
2020-11-24
SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Scripting (XSS) vulnerability via the editor_name parameter.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-11-24
SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injection via the id parameter in an editNews action.
CVSS Score
9.8
EPSS Score
0.003
Published
2020-11-24