CVE-2012-1935
Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4.x before 4 RC4 allow remote attackers to inject arbitrary web script or HTML via the (1) Back parameter to admin/ad.php, or the (2) token or (3) f_email parameter to admin/password_check_token.php.
Date published : 2012-08-27
http://www.securityfocus.com/bid/52941
http://archives.neohapsis.com/archives/bugtraq/2012-04/0130.html