CVE-2013-0730
22.02.2013, 00:55
Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 4.x through 4.1.0 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) language parameter to application/modules/admin/controllers/LanguagesController.php or (2) user parameter to application/modules/admin/controllers/UserController.php.
Vendor | Product | Version |
---|---|---|
sourcefabric | newscoop | 4.0:rc3 |
sourcefabric | newscoop | 4.0.1 |
sourcefabric | newscoop | 4.0.2 |
sourcefabric | newscoop | 4.0.3 |
sourcefabric | newscoop | 4.0.4 |
sourcefabric | newscoop | 4.1.0 |
𝑥
= Vulnerable software versions
References