CVE-2012-4679
Newscoop < 3.5.5 - Cross-Site Scripting via f_user_name Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-4679. PoCs published by High-Tech Bridge SA.
AI-analyzed exploit summary This advisory details multiple vulnerabilities in Newscoop, including Remote File Inclusion (RFI), SQL Injection (SQLi), and Cross-Site Scripting (XSS). It provides Proof-of-Concept (PoC) URLs for each vulnerability but does not include executable exploit code.
Description
Cross-site scripting (XSS) vulnerability in admin/login.php in Newscoop before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the f_user_name parameter.
Exploits (1)
This advisory details multiple vulnerabilities in Newscoop, including Remote File Inclusion (RFI), SQL Injection (SQLi), and Cross-Site Scripting (XSS). It provides Proof-of-Concept (PoC) URLs for each vulnerability but does not include executable exploit code.