PT-2001-2611 · Easynews · Easynews

Published

2001-12-31

Updated

2008-09-05

CVE-2001-1526

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions easyNews versions 1.5 and earlier

Description The issue is related to a cross-site scripting (XSS) vulnerability in the comments action in index.php. This allows remote attackers to inject arbitrary web script or HTML via the zeit parameter.

Recommendations For easyNews versions 1.5 and earlier, consider disabling the comments action in index.php until a patch is available. Restrict access to the zeit parameter in the affected API endpoint to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2001-1526

Affected Products

Easynews

PT-2001-2611 · Easynews · Easynews

CVE-2001-1526

Related Identifiers

Affected Products

References · 3