Cross-Site Scripting Vulnerability in CuteNews by CuteNews Team
CVE-2006-0885

Currently unrated

Key Information:

Vendor: CutePHP
Status: Cutenews
Vendor: CVE Published:; 25 February 2006

What is CVE-2006-0885?

A Cross-Site Scripting (XSS) vulnerability exists in show_news.php of CuteNews version 1.4.1, allowing remote attackers to inject arbitrary web scripts or HTML via the show parameter. This security flaw can be exploited to execute malicious code in the context of the user's browser, potentially leading to session hijacking and unauthorized access to sensitive information. It is crucial for users of this version to apply necessary security measures to mitigate this risk.

References

http://www.vupen.com/english/advisories/2006/0685

vdb-entryx_refsource_VUPEN

http://myimei.com/security/2006-02-20/cutenews141addcomme...

x_refsource_MISC

http://www.osvdb.org/23400

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 25, 2006
Vulnerability Reserved
Feb 25, 2006

CutePHP

What is CVE-2006-0885?

References

Timeline