Summary
The remote web server contains a PHP script that is affected by a cross-site scripting issue.
Description:
The version of Cutenews installed on the remote host fails to sanitize input to the 'search.php' script before using it to generate dynamic HTML to be returned to the user. An unauthenticated attacker can exploit this issue to execute a cross-site scripting attack.
This version of Cutenews is also likely affected by other associated issues.
Solution
Unknown at this time.
Severity
Classification
-
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
- Advanced Image Hosting Cross Site Scripting Vulnerability
- APC PowerChute Network Shutdown HTTP Response Splitting Vulnerability
- Adobe ColdFusion Multiple Vulnerabilities-03 May-2014
- Aardvark Topsites <= 4.2.2 Remote File Inclusion Vulnerability