Dreaxteam Xt-News vulnerabilities
2 known vulnerabilities affecting dreaxteam/xt-news.
Total CVEs
2
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2006-6747P3HIGHCVSS 7.5PoCv0.12006-12-27
CVE-2006-6747 [HIGH] CWE-89 CVE-2006-6747: SQL injection vulnerability in show_news.php in Xt-News 0.1 allows remote attackers to execute arbit
SQL injection vulnerability in show_news.php in Xt-News 0.1 allows remote attackers to execute arbitrary SQL commands via the id_news parameter.
nvd
CVE-2006-6746P4MEDIUMCVSS 4.3PoCv0.12006-12-27
CVE-2006-6746 [MEDIUM] CWE-79 CVE-2006-6746: Multiple cross-site scripting (XSS) vulnerabilities in Xt-News 0.1 allow remote attackers to inject
Multiple cross-site scripting (XSS) vulnerabilities in Xt-News 0.1 allow remote attackers to inject arbitrary web script or HTML via the id_news parameter to (1) add_comment.php or (2) show_news.php.
nvd