Filtered by vendor Ashwebstudio Subscriptions
Filtered by product Ashnews Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2006-0524 1 Ashwebstudio 1 Ashnews 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in ashnews.php in Derek Ashauer ashNews 0.83 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2003-1292 1 Ashwebstudio 1 Ashnews 2024-11-20 N/A
PHP remote file include vulnerability in Derek Ashauer ashNews 0.83 allows remote attackers to include and execute arbitrary remote files via a URL in the pathtoashnews parameter to (1) ashnews.php and (2) ashheadlines.php.