CVE-2020-37236

MEDIUM 6.4

NewsLister Authenticated Persistent Cross-Site Scripting via Admin Panel

CVSS Score

6.4

EPSS Score

0.0%

EPSS Percentile

0th

NewsLister contains an authenticated persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the title parameter in the news addition interface. Attackers can inject JavaScript payloads via the title field in the admin panel that execute when news items are viewed by other users.

CWE	CWE-79
Vendor	netartmedia
Product	newslister
Published	May 16, 2026

Stay Ahead of the Next One

Get instant alerts for netartmedia newslister

Be the first to know when new medium vulnerabilities affecting netartmedia newslister are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

None

Affected Versions

Netartmedia / NewsLister

1.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/49160 netartmedia.net: https://www.netartmedia.net/newslister.html vulncheck.com: https://www.vulncheck.com/advisories/newslister-authenticated-persistent-cross-site-scripting-via-admin-panel

Credits

Emre Aslan