| VID |
21312 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The CuteNews is vulnerable to a Cross-Site Scripting Vulnerability via the 'id' variable.
CuteNews is a freely available PHP based news management system that uses flat files to store the database. The versions 1.3.1 and earlier of CuteNews have a Cross-Site Scripting Vulnerability, caused by a failure of the application to properly sanitize user-supplied URI input. By sending a malicious URL link to multiple scripts containing embedded code in the id variable as the following, a remote attacker could execute the embedded code in the target's web browser, once the link is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
http://[target_server]/show_archives.php?subaction=showcomments&id=<script>alert(document.cookie);</script>&archive=&start_from=&ucat=&&archive=&start_from=&ucat=&
* References:
http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0907.html
* Platforms Affected:
CutePHP CuteNews 0.88
CutePHP CuteNews 1.3
CutePHP CuteNews 1.3.1
Microsoft Windows Any version
Unix, Linux Any version |
| Recommendation |
No upgrade or patch available as of July 2004. |
| Related URL |
(CVE) |
| Related URL |
10620 (SecurityFocus) |
| Related URL |
16525 (ISS) |
|
