A Cross Site Scripting vulnerability has been found in MyNewsGroups, which is a webbased service used to read USENET postings.
The Subject header is not properly verified, thus an attacker may create a malicious subject line, post it to a news group and use it to hijack MyNewsGroup user accounts.
Solution: There is no patch or update available from the vendor. If this issue is critical to your security, we suggest that you either change the source code yourself or choose another mean of reading USENET messages.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Subject: MyNewsGroups Cross Site Scripting vulnerability
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.