Vulnerabilities > CVE-2003-0495 - Unspecified vulnerability in Ledscripts.Com Lednews 0.7

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
ledscripts-com
nessus
exploit available

Summary

Cross-site scripting (XSS) vulnerability in LedNews 0.7 allows remote attackers to insert arbitrary web script via a news item.

Vulnerable Configurations

Part Description Count
Application
Ledscripts.Com
1

Exploit-Db

descriptionLedNews 0.7 Post Script Code Injection Vulnerability. CVE-2003-0495. Webapps exploit for cgi platform
idEDB-ID:22777
last seen2016-02-02
modified2003-06-16
published2003-06-16
reportergilbert vilvoorde
sourcehttps://www.exploit-db.com/download/22777/
titleLedNews 0.7 Post Script Code Injection Vulnerability

Nessus

NASL familyCGI abuses : XSS
NASL idLEDNEWS_XSS.NASL
descriptionThe remote web server is running LedNews, a set of scripts designed to help maintain a news-based website. There is a flaw in some versions of LedNews that could allow an attacker to include rogue HTML code in the news, which may in turn be used to steal the cookies of people visiting this site, or to annoy them by showing pop-up error messages and such.
last seen2020-06-01
modified2020-06-02
plugin id11741
published2003-06-16
reporterThis script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/11741
titleLedNews News Post XSS