Cross-Site Scripting Vulnerability in CuteNews by CuteNews
CVE-2006-2249

Currently unrated

Key Information:

Vendor

CutePHP

Status
Cutenews
Vendor
CVE Published:
9 May 2006

What is CVE-2006-2249?

Multiple cross-site scripting vulnerabilities exist in the search.php file of CuteNews versions 1.4.1 and prior, and potentially 1.4.5. This flaw permits remote attackers to insert malicious web scripts or HTML into the application via the user, story, or title parameters, which could lead to defacement of web pages or theft of sensitive information from users. Proper sanitization of input and robust validation measures are essential to mitigate this risk and enhance the overall security posture of the application.

References

http://www.vupen.com/english/advisories/2006/1683
vdb-entryx_refsource_VUPEN
http://securityreason.com/securityalert/860
third-party-advisoryx_refsource_SREASON
http://secunia.com/advisories/20026
third-party-advisoryx_refsource_SECUNIA

EPSS Score

9% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.