Published: 10/12/2009 Updated: 10/10/2018

CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9

VMScore: 270

Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote malicious users to inject arbitrary web script or HTML via the (1) lastusername and (2) mod parameters to index.php; and (3) the title parameter to search.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cutephp cutenews 1.4.6

source: wwwsecurityfocuscom/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues Note that exploits for some of the issues may require administrator privilege Successful expl ...

MorningStar Security - Advisory wwwmorningstarsecuritycom/ Multiple security issues in Cute News and UTF-8 Cute News 1 Advisory Information ------------------------------------------------------------------------------------------------------------------------ Title: Multiple security issues in Cute News and UTF-8 Cute News Advisory ID ...

CWE-79 http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt http://www.securityfocus.com/bid/36971 https://exchange.xforce.ibmcloud.com/vulnerabilities/54222 https://exchange.xforce.ibmcloud.com/vulnerabilities/54220 https://exchange.xforce.ibmcloud.com/vulnerabilities/54219 http://www.securityfocus.com/archive/1/507782/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/33342/

CVE-2009-4249

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect