Published: 02/12/2009 Updated: 10/10/2018

CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9

VMScore: 270

Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in index.php in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews 8 and 8b, when magic_quotes_gpc is disabled, allows remote malicious users to inject arbitrary web script or HTML via the body of a news article in an addnews action.

Vulnerable Product	Search on Vulmon	Subscribe to Product
korn19 utf-8 cutenews 8
korn19 utf-8 cutenews 8b
cutephp cutenews 1.4.6

source: wwwsecurityfocuscom/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues Note that exploits for some of the issues may require administrator privilege Successful exploits m ...

MorningStar Security - Advisory wwwmorningstarsecuritycom/ Multiple security issues in Cute News and UTF-8 Cute News 1 Advisory Information ------------------------------------------------------------------------------------------------------------------------ Title: Multiple security issues in Cute News and UTF-8 Cute News Advisory ID ...

CWE-79 http://www.securityfocus.com/bid/36971 http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/54225 http://www.securityfocus.com/archive/1/507782/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/33340/

CVE-2009-4172

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect