CVE-2020-29241
https://notcve.org/view.php?id=CVE-2020-29241
Online News Portal using PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML via the "Title" parameter. Online News Portal que utiliza PHP/MySQLi versión 1.0, está afectado por un ataque de tipo cross site scripting (XSS) que permite a atacantes remotos inyectar un script web o HTML arbitrario por medio del parámetro "Title" • https://medium.com/%40parshwa.fabaf/cross-site-scripting-vulnerability-in-admin-panel-c95bd4ecb6aa • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-8361
https://notcve.org/view.php?id=CVE-2019-8361
PHP Scripts Mall Responsive Video News Script has XSS via the Search Bar. This might, for example, be leveraged for HTML injection or URL redirection. PHP Scripts Mall Responsive Video News Script tiene Cross-Site Scripting (XSS) mediante la barra de búsqueda. Esto podría, por ejemplo, aprovecharse para una inyección HTML o la redirección de URL. • https://hackingvila.wordpress.com/2019/02/16/url-redirection-through-html-injection-in-responsive-video-news-script-php-script-mall https://hackingvila.wordpress.com/2019/02/16/xss-vulnerability-in-responsive-video-news-script-php-script-mall • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-1000515
https://notcve.org/view.php?id=CVE-2018-1000515
ventrian News-Articles version NewsArticles.00.09.11 contains a XML External Entity (XXE) vulnerability in News-Articles/API/MetaWebLog/Handler.ashx.vb that can result in Attacker can read any file in the server or use smbrelay attack to access to server.. ventrian News-Articles en la versión NewsArticles.00.09.11 contiene una vulnerabilidad de XEE (XML External Entity) en News-Articles/API/MetaWebLog/Handler.ashx.vb que puede resultar en que un atacante lea cualquier archivo en el servidor o emplee ataques smbrelay para acceder al servidor. • https://drive.google.com/drive/folders/1P7djpYX8VQ0oplhOCMFNdKQByCcw2ncU?usp=sharing • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2018-6928
https://notcve.org/view.php?id=CVE-2018-6928
PHP Scripts Mall News Website Script 2.0.4 has SQL Injection via a search term. PHP Scripts Mall News Website Script 2.0.4 tiene inyección SQL mediante un término de búsqueda. • https://www.exploit-db.com/exploits/44030 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2017-7581 – TYPO3 News Module SQL Injection
https://notcve.org/view.php?id=CVE-2017-7581
SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed. Vulnerabilidad de inyección SQL en NewsController.php en el módulo Noticias 5.3.2 y versiones anteriores para TYPO3 permite a usuarios no autenticados ejecutar comandos SQL arbitrarios a través de vectores que implican overwriteDemand para OrderByAllowed. • https://www.ambionics.io/blog/typo3-news-module-sqli http://www.ambionics.io/blog/typo3-news-module-sqli • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •