| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 4 Mar 2006 10:28:11 -0000 From: roozbeh_afrasiabi@...oo.com To: bugtraq@...urityfocus.com Subject: [KAPDA::#30] - CuteNews1.4.1 Cross_Site_Scripting Vulnerability [KAPDA::#30] - CuteNews1.4.1 Cross_Site_Scripting Vulnerability KAPDA New advisory Vulnerable products : CuteNews1.4.1 Vendor: www.cutephp.com Risk: Low Vulnerabilities: Cross_Site_Scripting Discoverd by Roozbeh Afrasiabi and imei addmimistrator roozbeh_afrasiabi[at]yahoo[dot]com www.kapda.ir www.persiax.com Date : -------------------- Found : N/A Vendor Contacted : N/A About : -------------------- "Cute news is a powerful and easy for using news management system that use flat files to store its database. It supports comments, archives, search function, image uploading,backup function, IP banning, flood protection ..." (from cutephp.org) Vulnerability: -------------------- Cross_Site_Scripting : CuteNews is affected by a cross-site scripting vulnerability.This issue is due to the failure of the application to properly sanitize user- supplied input. As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed. Detail and PoC : -------------------- please view original advisory for more info Solution : -------------------- N/A Original Advisory : -------------------- http://kapda.ir/advisory-277.html Credit : -------------------- Discoverd by Roozbeh Afrasiabi and imei addmimistrator roozbeh_afrasiabi@...oo.com Kapda Security Science Researchers Insitute www.kapda.ir www.persiax.com
Powered by blists - more mailing lists