CVE-2005-2393

Name of the Vulnerable Software and Affected Versions CuteNews version 1.3.6

Description A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the lastusername parameter to "index.php" or the selected search arch parameter to "search.php".

Recommendations For CuteNews version 1.3.6, as a temporary workaround, consider restricting access to the lastusername parameter in "index.php" and the selected search arch parameter in "search.php" until a patch is available. Avoid using these parameters in the affected API endpoints until the issue is resolved.