CVE-2006-2249

Name of the Vulnerable Software and Affected Versions CuteNews versions 1.4.1 and earlier CuteNews version 1.4.5

Description The issue allows remote attackers to inject arbitrary web script or HTML via the user, story, or title parameters in the "search.php" file.

Recommendations For CuteNews versions 1.4.1 and earlier, update to a version later than 1.4.1 to resolve the issue. For CuteNews version 1.4.5, consider disabling the search functionality in "search.php" until a patch is available, and restrict access to the user, story, and title parameters to minimize the risk of exploitation.