Cross-site scripting (XSS) vulnerability in (1) show_archives.php, (2) show_news.php, and possibly other php files in CuteNews 1.3.1 allows remote malicious users to inject arbitrary script or HTML via the id parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cutephp cutenews 0.88 |
||
cutephp cutenews 1.3 |
||
cutephp cutenews 1.3.1 |