SnewsCVEs & Vulnerabilities
2 CVEs affecting Snews products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.
2 CVEs→ All vendors
Most Affected Products
snews cms rus 3snews 2
CVE-2008-1413MEDIUMpoc
Cross-site scripting (XSS) vulnerability in search.php in SNewsCMS Rus 2.1 through 2.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
20 Mar 2008
4.3
CVSS
CVE-2007-0261CRITICALpoc
snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter.
17 Jan 2007
10.0
CVSS
← PrevPage 1 / 1Next →