ByteOS Network

stphp

Source -

NVD

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

3Vulnerabilities found

CVE-2007-3330

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-0.33% / 55.23%

7 Day CHG~0.00%

Published-21 Jun, 2007 | 18:00

Updated-07 Aug, 2024 | 14:14

Cross-site scripting (XSS) vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to inject arbitrary web script or HTML via a news post, which is stored in news/ without sanitization.

Vendor-stphp n/a

Product-easynews n/a

CVE-2007-3331

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-5||MEDIUM

EPSS-0.31% / 53.57%

7 Day CHG~0.00%

Published-21 Jun, 2007 | 18:00

Updated-07 Aug, 2024 | 14:14

Cross-site request forgery (CSRF) vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to change the admin password via (1) a certain HTML form that is posted automatically by JavaScript or (2) a news post.

Vendor-stphp n/a

Product-easynews n/a

CVE-2006-6866

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-7.8||HIGH

EPSS-7.14% / 91.20%

7 Day CHG~0.00%

Published-04 Jan, 2007 | 22:00

Updated-07 Aug, 2024 | 20:42

STphp EasyNews PRO 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, email addresses, and password hashes via a direct request for data/users.txt.

Vendor-stphp n/a

Product-easynews n/a