Description
Multiple cross-site scripting (XSS) vulnerabilities in ProNews 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pseudo, (2) email, (3) date, (4) sujet, (5) message, (6) site, and (7) lien parameters to (a) admin/change.php, and the (8) aa parameter to (b) lire-avis.php.
Exploits (2)
References (3)
Core 3
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/21516
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/2025
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/453964/100/0/threaded
Scores
EPSS
0.0143
EPSS Percentile
80.7%
Details
Status
published
Products (1)
scriptphp/pronews
1.5
Published
Dec 14, 2006
Tracked Since
Feb 18, 2026