Vendor

Harold Bakker

Products

CVEs

Across products

Status

Private

Products

CVE	CVSS	EPSS	Published	Description
CVE-2009-4348	—	0.00	Dec 17, 2009	Cross-site scripting (XSS) vulnerability in index.php in Harold Bakker's NewsScript (HB-NS) 1.3 allows remote attackers to inject arbitrary web script or HTML via the topic parameter in a topic action, a different vector than CVE-2006-2146.
CVE-2009-4262	—	0.00	Dec 10, 2009	Harold Bakker's NewsScript (HB-NS) 1.3 allows remote attackers to obtain access to the admin control panel via a direct request to admin.php.
CVE-2006-2146	—	0.01	May 2, 2006	Multiple cross-site scripting (XSS) vulnerabilities in index.php in HB-NS 1.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) poster_name, (2) poster_email, (3) poster_homepage, or (4) message parameter.
CVE-2006-2145	—	0.01	May 2, 2006	Multiple SQL injection vulnerabilities in index.php in HB-NS 1.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) topic or (2) id parameter.

CVE-2009-4348Dec 17, 2009
risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in index.php in Harold Bakker's NewsScript (HB-NS) 1.3 allows remote attackers to inject arbitrary web script or HTML via the topic parameter in a topic action, a different vector than CVE-2006-2146.
CVE-2009-4262Dec 10, 2009
risk 0.00cvss —epss 0.00
Harold Bakker's NewsScript (HB-NS) 1.3 allows remote attackers to obtain access to the admin control panel via a direct request to admin.php.
CVE-2006-2146May 2, 2006
risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in index.php in HB-NS 1.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) poster_name, (2) poster_email, (3) poster_homepage, or (4) message parameter.
CVE-2006-2145May 2, 2006
risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in index.php in HB-NS 1.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) topic or (2) id parameter.