Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 4.x up to and including 4.1.0 allow remote malicious users to inject arbitrary web script or HTML via vectors involving the (1) language parameter to application/modules/admin/controllers/LanguagesController.php or (2) user parameter to application/modules/admin/controllers/UserController.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sourcefabric newscoop 4.0 |
||
sourcefabric newscoop 4.0.4 |
||
sourcefabric newscoop 4.0.1 |
||
sourcefabric newscoop 4.1.0 |
||
sourcefabric newscoop 4.0.2 |
||
sourcefabric newscoop 4.0.3 |