Vulnerabilities > CVE-2003-0495 - Unspecified vulnerability in Ledscripts.Com Lednews 0.7
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Cross-site scripting (XSS) vulnerability in LedNews 0.7 allows remote attackers to insert arbitrary web script via a news item.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | LedNews 0.7 Post Script Code Injection Vulnerability. CVE-2003-0495. Webapps exploit for cgi platform |
| id | EDB-ID:22777 |
| last seen | 2016-02-02 |
| modified | 2003-06-16 |
| published | 2003-06-16 |
| reporter | gilbert vilvoorde |
| source | https://www.exploit-db.com/download/22777/ |
| title | LedNews 0.7 Post Script Code Injection Vulnerability |
Nessus
| NASL family | CGI abuses : XSS |
| NASL id | LEDNEWS_XSS.NASL |
| description | The remote web server is running LedNews, a set of scripts designed to help maintain a news-based website. There is a flaw in some versions of LedNews that could allow an attacker to include rogue HTML code in the news, which may in turn be used to steal the cookies of people visiting this site, or to annoy them by showing pop-up error messages and such. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 11741 |
| published | 2003-06-16 |
| reporter | This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/11741 |
| title | LedNews News Post XSS |