Skip to main content

Newscoop

6 CVEs product

Monthly

CVE-2020-11807 HIGH POC PATCH This Week

Because of Unrestricted Upload of a File with a Dangerous Type, Sourcefabric Newscoop 4.4.7 allows an authenticated user to execute arbitrary PHP code (and sometimes terminal commands) on a server by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

File Upload PHP Newscoop
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2013-0730 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 4.x through 4.1.0 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) language parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

PHP XSS Newscoop
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-4679 MEDIUM POC PATCH THREAT This Month

Cross-site scripting (XSS) vulnerability in admin/login.php in Newscoop before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the f_user_name parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.4%.

PHP XSS Newscoop
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
11.4%
CVE-2012-1935 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4.x before 4 RC4 allow remote attackers to inject arbitrary web script or HTML via the (1) Back parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Newscoop
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
7.2%
CVE-2012-1934 HIGH POC This Week

SQL injection vulnerability in admin/country/edit.php in Newscoop before 3.5.5 and 4.x before 4 RC4 allows remote attackers to execute arbitrary SQL commands via the f_country_code parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Newscoop
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
1.7%
CVE-2012-1933 MEDIUM POC This Month

Multiple PHP remote file inclusion vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4 before RC4, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Code Injection RCE Newscoop
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
6.5%
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Because of Unrestricted Upload of a File with a Dangerous Type, Sourcefabric Newscoop 4.4.7 allows an authenticated user to execute arbitrary PHP code (and sometimes terminal commands) on a server by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

File Upload PHP Newscoop
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 4.x through 4.1.0 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) language parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

PHP XSS Newscoop
NVD GitHub
EPSS 11% CVSS 4.3
MEDIUM POC PATCH THREAT This Month

Cross-site scripting (XSS) vulnerability in admin/login.php in Newscoop before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the f_user_name parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.4%.

PHP XSS Newscoop
NVD Exploit-DB
EPSS 7% CVSS 4.3
MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4.x before 4 RC4 allow remote attackers to inject arbitrary web script or HTML via the (1) Back parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Newscoop
NVD Exploit-DB
EPSS 2% CVSS 7.5
HIGH POC This Week

SQL injection vulnerability in admin/country/edit.php in Newscoop before 3.5.5 and 4.x before 4 RC4 allows remote attackers to execute arbitrary SQL commands via the f_country_code parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Newscoop
NVD Exploit-DB
EPSS 7% CVSS 6.8
MEDIUM POC This Month

Multiple PHP remote file inclusion vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4 before RC4, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Code Injection RCE +1
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy