Vulnerabilities > Stphp > Easynews > 4.0

DATE: 2007-06-21
CVE: CVE-2007-3331
VULNERABILITY TITLE: Cross-Site Request Forgery vulnerability in Stphp Easynews 4.0
RISK: 5.0
network, low complexity, stphp
Cross-site request forgery (CSRF) vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to change the admin password via (1) a certain HTML form that is posted automatically by JavaScript or (2) a news post.

DATE: 2007-06-21
CVE: CVE-2007-3330
VULNERABILITY TITLE: Script HTML Injection vulnerability in Stphp Easynews 4.0
RISK: 4.3
network, stphp
Cross-site scripting (XSS) vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to inject arbitrary web script or HTML via a news post, which is stored in news/ without sanitization.

DATE: 2006-12-31
CVE: CVE-2006-6866
VULNERABILITY TITLE: Information Disclosure vulnerability in Stphp Easynews 4.0
RISK: 7.8
network, low complexity, stphp
STphp EasyNews PRO 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, email addresses, and password hashes via a direct request for data/users.txt.