Cross-site scripting (XSS) vulnerability in mynews.inc.php in MyNews 1.6.4, and other earlier 1.6.x versions, allows remote attackers to inject arbitrary web script or HTML via the hash parameter in an admin action to index.php, a different vulnerability than CVE-2006-2208.1.
Max CVSS
4.3
EPSS Score
0.80%
Published
2008-02-12
Updated
2008-09-05
Multiple cross-site scripting (XSS) vulnerabilities in mynews.inc.php in MyNews 1.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) hash and (2) page parameters.
Max CVSS
4.3
EPSS Score
0.82%
Published
2006-05-05
Updated
2017-07-20
2 vulnerabilities found