[Original text] The admin.html file in MySimple News 1.0 stores its administrative password in plaintext, which allows remote attackers to gain unauthorized access to the web server by viewing the source of admin.html.
MySimpleNews stores the administrative password in clear text in a remotely viewable HTML file.
Any remote user can view the contents of the HTML file to determine the administrator password.
The administrator password can be found in the HTML code for admin.html below:
moncode = prompt('MySimpleNews - Administration','');
if (moncode != "[ADMINPASSWORD]")
MySimpleNews contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a user views the source of 'admin.html', which contains the admin password in cleartext.
Currently, there are no known upgrades, patches or workarounds available to correct this vulnerability.
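Added example (not part of the original advisory or of MySimpleNews): a Node.js audit check that scans a page's inline scripts for the pattern shown above, a prompt() result compared against a string literal, and reports where it occurs without echoing the literal. The function name findClientSideSecretChecks and the sample page are constructed for illustration; any hit means the comparison has to move to the server, because every value shipped to the browser is readable by any visitor.

```javascript
// Added example: audit inline scripts for a prompt() result compared to a string literal.
// SAMPLE_PAGE is constructed; "[ADMINPASSWORD]" is the advisory's own placeholder.
const SAMPLE_PAGE = [
  '<html><head><script>',
  "moncode = prompt('MySimpleNews - Administration','');",
  'if (moncode != "[ADMINPASSWORD]") { /* deny */ }',
  '</script></head><body>admin</body></html>',
].join('\n');

// Hypothetical helper name. Returns one finding per comparison, never the literal itself.
function findClientSideSecretChecks(html) {
  const findings = [];
  const lineOf = (offset) => html.slice(0, offset).split('\n').length;
  const scriptRe = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
  let script;
  while ((script = scriptRe.exec(html)) !== null) {
    const body = script[1];
    const bodyOffset = script.index + script[0].indexOf('>') + 1;
    // Step 1: collect variables that receive the return value of prompt().
    const names = new Set();
    const assignRe = /([A-Za-z_$][\w$]*)\s*=\s*(?:window\.)?prompt\s*\(/g;
    let a;
    while ((a = assignRe.exec(body)) !== null) names.add(a[1]);
    // Step 2: find those variables compared against a non-empty string literal.
    for (const name of names) {
      const escaped = name.replace(/\$/g, () => '\\$');
      const cmpRe = new RegExp('(?<![\\w$])' + escaped +
        '\\s*(===|!==|==|!=)\\s*(["\'])((?:\\\\.|(?!\\2)[^\\\\])*)\\2', 'g');
      let c;
      while ((c = cmpRe.exec(body)) !== null) {
        if (c[3].length === 0) continue; // empty-string checks are not embedded secrets
        findings.push({ variable: name, operator: c[1],
          line: lineOf(bodyOffset + c.index), literalLength: c[3].length });
      }
    }
  }
  return findings;
}

console.log(findClientSideSecretChecks(SAMPLE_PAGE));
```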