Vulnerabilities > Yanick Bourbeau

DATE CVE VULNERABILITY TITLE RISK
2009-09-08 CVE-2008-7172 Permissions, Privileges, and Access Controls vulnerability in Yanick Bourbeau Lightweight News Portal 1.0B
Lightweight news portal (LNP) 1.0b does not properly restrict access to administrator functionality, which allows remote attackers to gain administrator privileges via direct requests to admin.php with the (1) potd_delete, (2) potd, (3) vote_update, (4) vote, or (5) modifynews actions.
network
low complexity
yanick-bourbeau CWE-264
7.5
2009-09-08 CVE-2008-7171 Cross-Site Scripting vulnerability in Yanick Bourbeau Lightweight News Portal 1.0B
Multiple cross-site scripting (XSS) vulnerabilities in Lightweight news portal (LNP) 1.0b allow remote attackers to inject arbitrary web script or HTML via the (1) photo parameter to show_photo.php, (2) potd parameter to show_potd.php, or (3) the Current question field in a vote action to admin.php.
4.3