Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

PaNews Multiple Injection Vulnerabilities



The remote host is running a vulnerable version of PaNews, a news management script written in PHP.


The remote host is running PaNews, a news management script written in PHP. This version of PaNews is vulnerable to a Cross-Site Scripting (XSS) attack. An attacker exploiting this flaw would need to be able to convince an unsuspecting user to visit a malicious website. Upon successful exploitation, the attacker would be able to possibly steal credentials or execute browser-side code. The version of PaNews is also reported to be prone to several remote SQL and HTML injection attacks. An attacker exploiting these flaws would be able to potentially modify and view confidential data.


Upgrade or patch according to vendor recommendations.