← Back

Newsscriptphp

newsscriptphp

4 CVEs • 1 product

Products (1)

Click to collapse
Toggle
News Script Php Pro
news_script_php_pro
4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-25475
1Newsscriptphp
1News Script Php Pro
Jun 17, 2026
Nov 24, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injection via the id parameter in an editNews action.
CVE-2020-25474
1Newsscriptphp
1News Script Php Pro
Jun 17, 2026
Nov 24, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Scripting (XSS) vulnerability via the editor_name parameter.
CVE-2020-25473
1Newsscriptphp
1News Script Php Pro
Jun 17, 2026
Nov 24, 2020
N/A· v4
6.5 MEDIUM· v3
6.4 MEDIUM· v2
SimplePHPscripts News Script PHP Pro 2.3 does not properly set the HttpOnly Flag from Session Cookies.
CVE-2020-25472
1Newsscriptphp
1News Script Php Pro
Jun 17, 2026
Nov 24, 2020
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Request Forgery (CSRF) vulnerability, which allows attackers to add new users.