Cross-Site Scripting Vulnerability in CuteNews by CuteNews Team
CVE-2006-6300

Currently unrated

Key Information:

Vendor: CutePHP
Status: Cutenews
Vendor: CVE Published:; 5 December 2006

What is CVE-2006-6300?

A cross-site scripting (XSS) vulnerability has been identified in CuteNews 1.3.6, which permits remote attackers to inject arbitrary web scripts or HTML into the application via the 'result' parameter. This flaw could potentially allow unauthorized access and manipulation of user sessions, leading to significant security risks for users and website integrity.

References

http://securityreason.com/securityalert/1969

third-party-advisoryx_refsource_SREASON

http://www.securityfocus.com/bid/21403

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/30660

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 5, 2006
Vulnerability Reserved
Dec 5, 2006

CutePHP

What is CVE-2006-6300?

References

Timeline