Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2004-0660

Publish Date: 19 Jul 2004

                							

                source: http://www.securityfocus.com/bid/10750/info

CutePHP is reported prone to an HTML injection vulnerability.

The vulnerability exists due to insufficient sanitization of user-supplied input. Specifically, user-supplied input to comment posts are not sufficiently sanitized of malicious HTML code.

An attacker can exploit this vulnerability by adding HTML code within URI arguments. The hostile code may be rendered in the user's browser when the user views the entry.

Exploitation could permit an attacker to steal cookie-based authentication credentials or launch other attacks.

http://www.example.com/show_news.php?subaction=addcomment&amp;name=UserName&amp;comments=http://www.example.com&amp;id=1078525267||1090074219|UserName|none|127.0.0.1|&lt;script&gt;alert("example");&lt;/script&gt;||

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CuteNews 1.3 - Comment HTML Injection

Vulmon Search

About

Products

Connect