CVE-2013-0730

Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 4.x through 4.1.0 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) language parameter to application/modules/admin/controllers/LanguagesController.php or (2) user parameter to application/modules/admin/controllers/UserController.php.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
flexeraCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
VendorProductVersion
sourcefabricnewscoop
4.0:rc3
sourcefabricnewscoop
4.0.1
sourcefabricnewscoop
4.0.2
sourcefabricnewscoop
4.0.3
sourcefabricnewscoop
4.0.4
sourcefabricnewscoop
4.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://forum.sourcefabric.org/discussion/15052/security-patch-released-for-newscoop-4-1
http://secunia.com/advisories/51921
https://github.com/sourcefabric/Newscoop/commit/4f948ba3afaaeb616006cbabc85906ef3254169d
http://forum.sourcefabric.org/discussion/15052/security-patch-released-for-newscoop-4-1
http://secunia.com/advisories/51921
https://github.com/sourcefabric/Newscoop/commit/4f948ba3afaaeb616006cbabc85906ef3254169d