CVE-2012-1935

EUVD-2012-1944
Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4.x before 4 RC4 allow remote attackers to inject arbitrary web script or HTML via the (1) Back parameter to admin/ad.php, or the (2) token or (3) f_email parameter to admin/password_check_token.php.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
Affected Products (NVD)
VendorProductVersion
sourcefabricnewscoop
3.5.0
sourcefabricnewscoop
3.5.1
sourcefabricnewscoop
3.5.2
sourcefabricnewscoop
3.5.3
sourcefabricnewscoop
3.5.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2012-04/0130.html
http://dev.sourcefabric.org/browse/CS-4179
http://dev.sourcefabric.org/browse/CS-4182
http://dev.sourcefabric.org/browse/CS-4183
http://secunia.com/advisories/48769
http://www.exploit-db.com/exploits/18752
http://www.securityfocus.com/bid/52941
http://www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm
https://exchange.xforce.ibmcloud.com/vulnerabilities/74781
https://www.htbridge.com/advisory/HTB23084
http://archives.neohapsis.com/archives/bugtraq/2012-04/0130.html
http://dev.sourcefabric.org/browse/CS-4179
http://dev.sourcefabric.org/browse/CS-4182
http://dev.sourcefabric.org/browse/CS-4183
http://secunia.com/advisories/48769
http://www.exploit-db.com/exploits/18752
http://www.securityfocus.com/bid/52941
http://www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm
https://exchange.xforce.ibmcloud.com/vulnerabilities/74781
https://www.htbridge.com/advisory/HTB23084