Description
Cross-site scripting (XSS) vulnerability in VirtuaNews Admin Panel Pro 1.0.3 allows remote attackers to execute arbitrary script as other users via (1) the mainnews parameter in admin.php, (2) the expand parameter in admin.php, (3) the id parameter in admin.php, (4) the catid parameter in admin.php, or (5) an unnamed parameter during the newslogo_upload action in admin.php.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Rafel Ivgi The-Insider · textwebappsphp
https://www.exploit-db.com/exploits/23792
References (5)
Core 5
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107851556116088&w=2
Exploit mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2004-03/0069.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15402
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/9812
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/9819
Scores
EPSS
0.0062
EPSS Percentile
70.0%
Details
Status
published
Products (4)
virtuasystems/virtuanews_pro
1.0
virtuasystems/virtuanews_pro
1.0.1
virtuasystems/virtuanews_pro
1.0.2
virtuasystems/virtuanews_pro
1.0.3
Published
Nov 23, 2004
Tracked Since
Feb 18, 2026