Sourcefabric Newscoop Multiple Cross Site Scripting And SQL Injection Vulnerabilities Network Vulnerability

Summary

Sourcefabric Newscoop is prone to multiple cross-site scripting and SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Exploiting these issues could allow an attacker to steal cookie- based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Sourcefabric Newscoop 3.5.4 is vulnerable prior versions may also be affected.

Solution

Updates are available. Please see the references for more details.

References

http://dev.sourcefabric.org/browse/CS-4181
http://dev.sourcefabric.org/browse/CS-4182
http://dev.sourcefabric.org/browse/CS-4183
http://dev.sourcefabric.org/browse/CS-4184
http://www.securityfocus.com/bid/52941
http://www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm
http://www.sourcefabric.org/en/products/newscoop_release/570/Newscoop-352-is-out!.htm

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-1934

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Allegro RomPager `Misfortune Cookie` Vulnerability
Avenger's News System Command Execution
Apache Archiva Multiple Remote Command Execution Vulnerabilities
Astium VoIP PBX SQL Injection Vulnerability
Advantech WebAccess Multiple Vulnerabilities

Sourcefabric Newscoop Multiple Cross Site Scripting and SQL Injection Vulnerabilities

Take action and discover your vulnerabilities