CVE-2009-4172

Name of the Vulnerable Software and Affected Versions CuteNews versions 1.4.6, 8, and 8b

Description A cross-site scripting (XSS) issue exists due to the lack of proper input validation in the body of a news article when the addnews action is performed. This occurs when magic quotes gpc is disabled, allowing remote attackers to inject arbitrary web script or HTML.

Recommendations For CuteNews versions 1.4.6, 8, and 8b, consider disabling the addnews action or restricting access to it until a proper fix is applied, and ensure that magic quotes gpc is enabled to mitigate the risk of exploitation.