Vulnerabilities (CVE)

Filtered by vendor Ashwebstudio Subscribe
Filtered by product Ashnews
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-0524 1 Ashwebstudio 1 Ashnews 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in ashnews.php in Derek Ashauer ashNews 0.83 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2003-1292 1 Ashwebstudio 1 Ashnews 2024-11-20 5.0 MEDIUM N/A
PHP remote file include vulnerability in Derek Ashauer ashNews 0.83 allows remote attackers to include and execute arbitrary remote files via a URL in the pathtoashnews parameter to (1) ashnews.php and (2) ashheadlines.php.