Published: 10/12/2009 Updated: 10/10/2018
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
VMScore: 270
Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote malicious users to inject arbitrary web script or HTML via the (1) lastusername and (2) mod parameters to index.php; and (3) the title parameter to search.php.

Affected Products

Vendor Product Versions


source: wwwsecurityfocuscom/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues Note that exploits for some of the issues may require administrator privilege Successful expl ...
MorningStar Security - Advisory wwwmorningstarsecuritycom/ Multiple security issues in Cute News and UTF-8 Cute News 1 Advisory Information ------------------------------------------------------------------------------------------------------------------------ Title: Multiple security issues in Cute News and UTF-8 Cute News Advisory ID ...