CuteNews XSS Network Vulnerability

Summary

The remote web server contains a PHP script that is prone to cross-site scripting attacks. Description : According to it's banner, the version of CuteNews on the remote host fails to sanitize input to the 'archive' parameter of the 'show_archives.php' script. An attacker, exploiting this flaw, would need to be able to coerce a user to browse to a purposefully malicious URI. Upon successful exploitation, the attacker would be able to run code within the web-browser in the security context of the CuteNews server.

Solution

Upgrade to CuteNews v1.3.2 or newer.

References

http://secunia.com/advisories/12260/

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

AlienForm CGI script
AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities
appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability
Apache Tomcat SecurityConstraints Security Bypass Vulnerability
Adobe ColdFusion Multiple Path Disclosure Vulnerabilities

Take action and discover your vulnerabilities