PT-2004-1747 · Cutenews · Cutenews
Darkbicho
·
Publicado
2004-07-13
·
Atualizado
2017-07-11
·
CVE-2004-0660
CVSS v2.0
6.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
CuteNews version 1.3.1
Description
A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary script or HTML. This is possible via the
id parameter in files such as show archives.php and show news.php.Recommendations
For CuteNews version 1.3.1, consider restricting access to the vulnerable php files, such as show archives.php and show news.php, until a patch is available. Avoid using the
id parameter in these files to minimize the risk of exploitation.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Cutenews