NewsLister Authenticated Persistent Cross-Site Scripting Vulnerability

Vulnerability

A persistent cross-site scripting vulnerability has been identified in NewsLister versions through 1.0. This vulnerability allows authenticated administrators to inject malicious scripts via the title parameter in the news addition interface. The injected JavaScript payloads execute when the news items are viewed by other users.

Impact

Successful exploitation gives an authenticated administrator persistent cross-site scripting: the injected script is stored with the news item and executes in the context of each user who views it.

Reproduction

To reproduce this vulnerability, log into the admin panel of NewsLister. Navigate to the news addition interface and enter a JavaScript payload into the title field. Once the news item is saved, the injected script will execute when the news is viewed by other users.
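
The behaviour described above goes away when the stored title is HTML-encoded at the point where it is written into the page. The following is an added example, not NewsLister's code (the page does not show the application's source); the function names, URL layout and sample rows are hypothetical and constructed for illustration, and it also shows an audit pass for titles already saved before a fix.

```python
import html
import re

# Constructed sample rows standing in for stored news items (not NewsLister data).
SAMPLE_NEWS = [
    {"id": 1, "title": "Office closed on Friday"},
    {"id": 2, "title": "<script>alert(1)</script>"},
    {"id": 3, "title": 'Q&A session <img src=x onerror="alert(1)">'},
    {"id": 4, "title": "Prices < 10 & rising"},
]

# Audit heuristic: an opening or closing tag, or an inline event-handler attribute.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>|\bon\w+\s*=", re.IGNORECASE)


def render_unsafe(item):
    """Before: the stored title is concatenated into the page as-is."""
    return '<li><a href="/news/%d">%s</a></li>' % (item["id"], item["title"])


def render_safe(item):
    """After: the title is encoded at output time.

    quote=True also encodes " and ', so the same value is safe inside
    a quoted attribute as well as in element content.
    """
    title = html.escape(item["title"], quote=True)
    return '<li><a href="/news/%d" title="%s">%s</a></li>' % (item["id"], title, title)


def audit_titles(rows):
    """Return ids of stored titles containing markup, for review of existing records."""
    return [row["id"] for row in rows if MARKUP_RE.search(row["title"])]


if __name__ == "__main__":
    for row in SAMPLE_NEWS:
        print(render_safe(row))
    print("titles to review:", audit_titles(SAMPLE_NEWS))
```

Encoding on output leaves legitimate titles such as "Prices < 10 & rising" readable, while the audit list points at records that were saved with markup and need manual review.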

Added: May 16, 2026, 4:34 PM
Updated: May 16, 2026, 4:34 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.4
exploitability: 3.9
remediation: 0.0
relevance: 8.5
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.