PT-2013-2565 · Sourcefabric · Newscoop

Pawel Haldrzynski · Published 2013-02-22 · Updated 2013-02-25 · CVE-2013-0730

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Newscoop versions 4.x through 4.1.0

Description

The issue involves multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML. This can be achieved through vectors involving the language parameter to "application/modules/admin/controllers/LanguagesController.php" or the user parameter to "application/modules/admin/controllers/UserController.php".

Recommendations

For Newscoop versions 4.x through 4.1.0, consider disabling access to the LanguagesController.php and UserController.php controllers until a patch is available. Restrict input for the language and user parameters in these controllers to minimize the risk of exploitation.

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2013-0730

Affected Products

Newscoop