holisticinfosec.org - HIO-2011-0131 Newscoop 3.5 XSS Vulnerabilities

Home
Blog
toolsmith (ISSA)
Research
Events
Publications
In The News
News
Best Practices
Links
How To
Standards
Simplicity
Philosophy
Security News Feeds
Search
Contact

"Interest in computer security is driven by events, and the number of events is increasing dramatically. - Ralph Merkle"

RSS

HIO-2011-0131 Newscoop 3.5 XSS Vulnerabilities

Newscoop 3.5 exhibits vulnerabillities which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "request" parameter to the login.php and do_logon.php scripts is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

References:

CVE-2010-pending

BID:

OSVDB:

SA:

XF:

Vendor Solution:

Update to Newscoop 3.5.1

< Prev		Next >

[ Back ]