Message-ID: <20060304102811.9954.qmail@securityfocus.com>
Date: 4 Mar 2006 10:28:11 -0000
From: roozbeh_afrasiabi@...oo.com
To: bugtraq@...urityfocus.com
Subject: [KAPDA::#30] - CuteNews1.4.1 Cross_Site_Scripting Vulnerability


[KAPDA::#30] - CuteNews1.4.1 Cross_Site_Scripting Vulnerability

KAPDA New advisory

Vulnerable products : CuteNews1.4.1
Vendor: www.cutephp.com
Risk: Low
Vulnerabilities: Cross_Site_Scripting
Discovered by Roozbeh Afrasiabi and imei addmimistrator
roozbeh_afrasiabi[at]yahoo[dot]com
www.kapda.ir
www.persiax.com

Date :
--------------------
Found : N/A
Vendor Contacted : N/A

About :
--------------------
"Cute news is a powerful and easy for using news management system that use flat files to store its database. It supports comments, archives, search function, image uploading, backup function, IP banning, flood protection ..." (from cutephp.org)

Vulnerability:
--------------------
Cross_Site_Scripting :

CuteNews is affected by a cross-site scripting vulnerability. This issue is due to the failure of the application to properly sanitize user-supplied input.

As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed.

Detail and PoC :
--------------------
Please view the original advisory for more info.

Solution :
--------------------
N/A

Original Advisory :
--------------------
http://kapda.ir/advisory-277.html

Credit :
--------------------
Discovered by Roozbeh Afrasiabi and imei addmimistrator
roozbeh_afrasiabi@...oo.com
Kapda
Security Science Researchers Institute
www.kapda.ir
www.persiax.com

