[KAPDA::#30] - CuteNews1.4.1 Cross_Site_Scripting Vulnerability
KAPDA New advisory
Vulnerable products : CuteNews1.4.1
Vendor: www.cutephp.com
Risk: Low
Vulnerabilities: Cross_Site_Scripting
Discoverd by Roozbeh Afrasiabi and imei addmimistrator
roozbeh_afrasiabi[at]yahoo[dot]com
www.kapda.ir
www.persiax.com
Found : N/A
Vendor Contacted : N/A
"Cute news is a powerful and easy for using news management system that use flat files to store its
database. It supports comments, archives,
search function, image uploading,backup function, IP banning, flood protection …" (from cutephp.org)
Cross_Site_Scripting :
CuteNews is affected by a cross-site scripting vulnerability.This issue is due to the failure of the
application to properly sanitize user-
supplied input.
As a result of this vulnerability, it is possible for a remote attacker to create a malicious link
containing script code that will be executed in the browser of an unsuspecting user when followed.
please view original advisory for more info
N/A
http://kapda.ir/advisory-277.html
Discoverd by Roozbeh Afrasiabi and imei addmimistrator
[email protected]
Kapda
Security Science Researchers Insitute
www.kapda.ir
www.persiax.com