
PaNews Multiple Injection Vulnerabilities

High

Synopsis

The remote host is running a vulnerable version of PaNews, a news management script written in PHP.

Description

The remote host is running PaNews, a news management script written in PHP. This version of PaNews is vulnerable to a Cross-Site Scripting (XSS) attack. To exploit this flaw, an attacker would need to convince an unsuspecting user to visit a malicious website. Upon successful exploitation, the attacker may be able to steal credentials or execute browser-side code. This version of PaNews is also reported to be prone to several remote SQL and HTML injection attacks. An attacker exploiting these flaws could potentially modify and view confidential data.

Solution

Upgrade or patch according to vendor recommendations.