WebSec B.V.’s Post

View organization page for WebSec B.V.

475 followers

New CVE Numbers by WebSec. CVE Number: CVE-2020-25472 Vulnerability Name: Cross-Site Request Forgery Vendor: SimplePhpScripts Software Name: News Script PHP Pro Patched in: Latest Version Impact: State Changing Request Forgery Risk: High CVE Number: CVE-2020-25473 Vulnerability Name: Missing HttpOnly from Session Cookie Vendor: SimplePhpScripts Software Name: News Script PHP Pro Patched in: Latest Version Impact: inline scripts can read the session cookie Risk: Low CVE Number: CVE-2020-25474 Vulnerability Name: Stored Cross-Site Scripting Vendor: SimplePhpScripts Software Name: News Script PHP Pro Patched in: Latest Version Impact: Account Takeover if Chained together with the CSRF, otherwise the impact is a Self Stored XSS Risk: High CVE Number: CVE-2020-25475 Vulnerability Name: SQL Injection Vendor: SimplePhpScripts Software Name: Event Script Patched in: Latest Version Impact: SQL Injection Risk: High

To view or add a comment, sign in

Explore topics