Vulnerabilities (CVE)

Filtered by vendor Bosdev Subscribe
Filtered by product Bosnews
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-4703 1 Bosdev 1 Bosnews 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in news.php in BosDev BosNews 4.0 allows remote attackers to execute arbitrary SQL commands via the article parameter.
CVE-2007-5835 1 Bosdev 1 Bosnews 2024-11-21 5.0 MEDIUM N/A
Install.php in BosDev BosNews 4 and 5 does not require authentication for replacing an existing product installation or creating a new admin account, which allows remote attackers to cause a denial of service (overwritten files) and possibly obtain administrative access.
CVE-2007-5834 1 Bosdev 1 Bosnews 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in BosDev BosNews 4 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element in a news post.