LacoodaST and La!cooda WIZ Multiple Remote Vulnerabilities

LacoodaST and La!cooda WIZ Multiple Remote Vulnerabilities

LacoodaST and La!cooda WIZ are prone to multiple vulnerabilities including cross-site scripting, cross-site request-forgery, and server-side script-execution issues. LacoodaST is additionally vulnerable to a session-fixation issue.

Attackers can exploit these issues to:

- execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site
- steal cookie-based authentication credentials
- hijack a user's session and gain unauthorized access to the affected application
- execute server-side script code.

These issues affect the following:

LacoodaST 2.1.3 and earlier versions
La!cooda WIZ 4.1.0 and earlier versions