PT-2004-1747 · Cutenews · Cutenews

Darkbicho

Published

2004-07-13

Updated

2017-07-11

CVE-2004-0660

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions CuteNews version 1.3.1

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary script or HTML. This is possible via the id parameter in files such as show archives.php and show news.php.

Recommendations For CuteNews version 1.3.1, consider restricting access to the vulnerable php files, such as show archives.php and show news.php, until a patch is available. Avoid using the id parameter in these files to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-0660

Affected Products

Cutenews

PT-2004-1747 · Cutenews · Cutenews

CVE-2004-0660

Related Identifiers

Affected Products

References · 9