Description
Multiple cross-site scripting (XSS) vulnerabilities in WMNews allow remote attackers to inject arbitrary web script or HTML via the (1) ArtCat parameter to wmview.php, (2) ctrrowcol parameter to footer.php, or (3) ArtID parameter to wmcomments.php.
Exploits (3)
exploitdb
WORKING POC
VERIFIED
by R00T3RR0R · textwebappsphp
https://www.exploit-db.com/exploits/27415
exploitdb
WORKING POC
VERIFIED
by R00T3RR0R · textwebappsphp
https://www.exploit-db.com/exploits/27417
exploitdb
WORKING POC
VERIFIED
by R00T3RR0R · textwebappsphp
https://www.exploit-db.com/exploits/27416
References (9)
Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/23840
Exploit x_refsource_misc
http://biyosecurity.be/bugs/wmnews.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/23842
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/23841
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/19204
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/17076
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0939
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/427479/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/25210
Scores
EPSS
0.0105
EPSS Percentile
77.7%
Details
Status
published
Products (1)
mikael_software/wmnews
Published
Mar 14, 2006
Tracked Since
Feb 18, 2026