Lightweight news portal Multiple Input Validation and Authentication Bypass Vulnerabilities

Lightweight news portal is prone to multiple vulnerabilities, including two cross-site scripting issues, an HTML-injection issue, an authentication-bypass issue, and an arbitrary-file-upload issue.

Attackers can leverage these issues to execute arbitrary HTML or script code in the context of the affected site or access certain administrative functions. This can allow the attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, launch denial-of-service attacks, and compromise the application; other attacks are also possible.

Lightweight news portal 1.0b is vulnerable; other versions may also be affected.


Privacy Statement
Copyright 2010, SecurityFocus