Ashwebstudio Ashnews vulnerabilities
2 known vulnerabilities affecting ashwebstudio/ashnews.
Total CVEs
2
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2003-1292P3MEDIUMCVSS 5.0PoCv0.832003-12-31
CVE-2003-1292 [MEDIUM] CVE-2003-1292: PHP remote file include vulnerability in Derek Ashauer ashNews 0.83 allows remote attackers to inclu
PHP remote file include vulnerability in Derek Ashauer ashNews 0.83 allows remote attackers to include and execute arbitrary remote files via a URL in the pathtoashnews parameter to (1) ashnews.php and (2) ashheadlines.php.
nvd
CVE-2006-0524P4MEDIUMCVSS 4.3PoCv0.832006-02-02
CVE-2006-0524 [MEDIUM] CVE-2006-0524: Cross-site scripting (XSS) vulnerability in ashnews.php in Derek Ashauer ashNews 0.83 allows remote
Cross-site scripting (XSS) vulnerability in ashnews.php in Derek Ashauer ashNews 0.83 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
nvd