CuteNews Index.php XSS Network Vulnerability

Summary

The remote web server contains a PHP script that is prone to cross-site scripting attacks. Description : The version of CuteNews installed on the remote host is vulnerable to a cross-site-scripting (XSS) attack. An attacker, exploiting this flaw, would need to be able to coerce a user to browse to a purposefully malicious URI. Upon successful exploitation, the attacker would be able to run code within the web-browser in the security context of the CuteNews server.

Solution

Upgrade to the latest version.

References

http://marc.theaimsgroup.com/?l=bugtraq&m=109415338521881&w=2

Updated on 2015-03-25

Severity

Classification

CVE CVE-2004-1659
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Archiva Home Page Cross-Site Scripting vulnerability
AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
Adobe ColdFusion Multiple Vulnerabilities-03 May-2014
Apache Tiles Multiple XSS Vulnerability
Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability

CuteNews index.php XSS

Take action and discover your vulnerabilities