Home
Consulting
Advisories
Software
Articles
Contact

Newscoop 3.5.1 Persistent Cross-site Scripting

Legacy Advisories

Description

A persistent cross-site scripting vulnerability in Newscoop 3.5.1 can be exploited to execute arbitrary JavaScript.

Proof Of Concept

Enter the following in the Comment field of any article:

</textarea><script>alert(0)</script>

Navigate to the comment approval section of the admin page to see the result.


Copyright © 2018 AutoSec Tools LLC