Lucene search

PRIOn knowledge basePRION:CVE-2012-1935

HistoryAug 27, 2012 - 9:55 p.m.

Cross site scripting

2012-08-2721:55:00

PRIOn knowledge base

www.prio-n.com

6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

78.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4.x before 4 RC4 allow remote attackers to inject arbitrary web script or HTML via the (1) Back parameter to admin/ad.php, or the (2) token or (3) f_email parameter to admin/password_check_token.php.

CPENameOperatorVersion
newscoopeq3.5.3
newscoopeq4 rc3
newscoopeq3.5.4
newscoopeq3.5.0
newscoopeq3.5.2
newscoopeq3.5.1

Name	Operator	Version
newscoop	eq	3.5.3
newscoop	eq	4 rc3
newscoop	eq	3.5.4
newscoop	eq	3.5.0
newscoop	eq	3.5.2
newscoop	eq	3.5.1

References

archives.neohapsis.com/archives/bugtraq/2012-04/0130.html

dev.sourcefabric.org/browse/CS-4179

dev.sourcefabric.org/browse/CS-4182

dev.sourcefabric.org/browse/CS-4183

secunia.com/advisories/48769

www.securityfocus.com/bid/52941

www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm

exchange.xforce.ibmcloud.com/vulnerabilities/74781

www.exploit-db.com/exploits/18752

www.htbridge.com/advisory/HTB23084

6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

78.0%

JSON

Related for PRION:CVE-2012-1935