Description
Cross-site scripting (XSS) vulnerability in mynews.inc.php in MyNews 1.6.4, and other earlier 1.6.x versions, allows remote attackers to inject arbitrary web script or HTML via the hash parameter in an admin action to index.php, a different vulnerability than CVE-2006-2208.1.
Exploits (1)
References (3)
Core 3
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/27652
Exploit mailing-list
x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=120235668406688&w=2
Exploit mailing-list
x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=120232523420188&w=2
Scores
EPSS
0.0037
EPSS Percentile
58.6%
Details
CWE
CWE-79
Status
published
Products (1)
planetluc/mynews
< 1.6.4
Published
Feb 12, 2008
Tracked Since
Feb 18, 2026