CuteNews1.4.1 Cross_Site_Scripting Vulnerability

Risk: Low
Local: No
Remote: Yes
CWE: CWE-Other

CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

[KAPDA::#30] - CuteNews1.4.1 Cross_Site_Scripting Vulnerability KAPDA New advisory Vulnerable products : CuteNews1.4.1 Vendor: Risk: Low Vulnerabilities: Cross_Site_Scripting Discoverd by Roozbeh Afrasiabi and imei addmimistrator roozbeh_afrasiabi[at]yahoo[dot]com Date : -------------------- Found : N/A Vendor Contacted : N/A About : -------------------- "Cute news is a powerful and easy for using news management system that use flat files to store its database. It supports comments, archives, search function, image uploading,backup function, IP banning, flood protection ..." (from Vulnerability: -------------------- Cross_Site_Scripting : CuteNews is affected by a cross-site scripting vulnerability.This issue is due to the failure of the application to properly sanitize user- supplied input. As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed. Detail and PoC : -------------------- please view original advisory for more info Solution : -------------------- N/A Original Advisory : -------------------- Credit : -------------------- Discoverd by Roozbeh Afrasiabi and imei addmimistrator roozbeh_afrasiabi (at) yahoo (dot) com [email concealed] Kapda Security Science Researchers Insitute

Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020,


Back to Top