Cross-Site Scripting Vulnerability in CuteNews by CuteNews
CVE-2006-1121

Currently unrated

Key Information:

Vendor

CutePHP

Status
Cutenews
Vendor
CVE Published:
9 March 2006

What is CVE-2006-1121?

The vulnerability in CuteNews version 1.4.1 allows attackers to exploit cross-site scripting (XSS) issues by injecting arbitrary web scripts or HTML into the application. This is achieved through manipulation of the query string in the index.php file, posing significant risks to users who may inadvertently execute malicious scripts. Proper input validation mechanisms should be implemented to mitigate such vulnerabilities and protect user data.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/25052
vdb-entryx_refsource_XF
http://www.securityfocus.com/archive/1/426759/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/bid/16961
vdb-entryx_refsource_BID

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.