[KAPDA::#30] - CuteNews1.4.1 Cross_Site_Scripting Vulnerability
[KAPDA::#30] - CuteNews1.4.1 Cross_Site_Scripting Vulnerability
KAPDA New advisory
Vulnerable products : CuteNews1.4.1
Vendor: www.cutephp.com
Risk: Low
Vulnerabilities: Cross_Site_Scripting
Discoverd by Roozbeh Afrasiabi and imei addmimistrator
roozbeh_afrasiabi[at]yahoo[dot]com
www.kapda.ir
www.persiax.com
Date :
--------------------
Found : N/A
Vendor Contacted : N/A
About :
--------------------
"Cute news is a powerful and easy for using news management system that use
flat files to store its database. It supports comments, archives,
search function, image uploading,backup function, IP banning, flood protection
..." (from cutephp.org)
Vulnerability:
--------------------
Cross_Site_Scripting :
CuteNews is affected by a cross-site scripting vulnerability.This issue is due
to the failure of the application to properly sanitize user-
supplied input.
As a result of this vulnerability, it is possible for a remote attacker to
create a malicious link containing script code that will be executed in the
browser of an unsuspecting user when followed.
Detail and PoC :
--------------------
please view original advisory for more info
Solution :
--------------------
N/A
Original Advisory :
--------------------
http://kapda.ir/advisory-277.html
Credit :
--------------------
Discoverd by Roozbeh Afrasiabi and imei addmimistrator
roozbeh_afrasiabi@xxxxxxxxx
Kapda
Security Science Researchers Insitute
www.kapda.ir
www.persiax.com