CuteNews Index.php XSS Network Vulnerability

Summary

The remote web server contains a PHP script that is prone to cross-site scripting attacks. Description : The version of CuteNews installed on the remote host is vulnerable to a cross-site-scripting (XSS) attack. An attacker, exploiting this flaw, would need to be able to coerce a user to browse to a purposefully malicious URI. Upon successful exploitation, the attacker would be able to run code within the web-browser in the security context of the CuteNews server.

Solution

Upgrade to the latest version.

References

http://marc.theaimsgroup.com/?l=bugtraq&m=109415338521881&w=2

Updated on 2015-03-25

Severity

Classification

CVE CVE-2004-1659

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

3Com NBX VoIP NetSet Detection
Apache ActiveMQ Multiple Vulnerabilities
Apache Tomcat NIO Connector Denial of Service Vulnerability
Ampache Reflected Cross Site Scripting Vulnerability
AfterLogic WebMail Pro Multiple Cross Site Scripting Vulnerabilities

CuteNews index.php XSS

Take action and discover your vulnerabilities