CVE-2005-0645

Name of the Vulnerable Software and Affected Versions cuteNews version 1.3.6

Description The issue allows remote attackers to inject arbitrary HTML, web script, and PHP code via the CLIENT-IP or X-FORWARDED-FOR header in an HTTP POST request to "show news.php". This is a cross-site scripting (XSS) issue.

Recommendations For cuteNews version 1.3.6, consider restricting access to the show news.php endpoint until a patch is available, and avoid using the CLIENT-IP or X-FORWARDED-FOR header in HTTP POST requests to this endpoint.