[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060304102811.9954.qmail@securityfocus.com>
Date: 4 Mar 2006 10:28:11 -0000
From: roozbeh_afrasiabi@...oo.com
To: bugtraq@...urityfocus.com
Subject: [KAPDA::#30] - CuteNews1.4.1 Cross_Site_Scripting Vulnerability
[KAPDA::#30] - CuteNews1.4.1 Cross_Site_Scripting Vulnerability
KAPDA New advisory
Vulnerable products : CuteNews1.4.1
Vendor: www.cutephp.com
Risk: Low
Vulnerabilities: Cross_Site_Scripting
Discoverd by Roozbeh Afrasiabi and imei addmimistrator
roozbeh_afrasiabi[at]yahoo[dot]com
www.kapda.ir
www.persiax.com
Date :
--------------------
Found : N/A
Vendor Contacted : N/A
About :
--------------------
"Cute news is a powerful and easy for using news management system that use flat files to store its database. It supports comments, archives,
search function, image uploading,backup function, IP banning, flood protection ..." (from cutephp.org)
Vulnerability:
--------------------
Cross_Site_Scripting :
CuteNews is affected by a cross-site scripting vulnerability.This issue is due to the failure of the application to properly sanitize user-
supplied input.
As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed.
Detail and PoC :
--------------------
please view original advisory for more info
Solution :
--------------------
N/A
Original Advisory :
--------------------
http://kapda.ir/advisory-277.html
Credit :
--------------------
Discoverd by Roozbeh Afrasiabi and imei addmimistrator
roozbeh_afrasiabi@...oo.com
Kapda
Security Science Researchers Insitute
www.kapda.ir
www.persiax.com
Powered by blists - more mailing lists