Synopsis
The remote host is running CuteNews, a news management system implemented in PHP.
Description
The remote host is running CuteNews, a news management system implemented in PHP. It is reported that this version of CuteNews is affected by a cross-site scripting (XSS) vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. An attacker may execute malicious code in a victim's browser and steal credentials on this site.
Solution
No solution is known at this time.
Plugin Details
Risk Information
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Temporal Vector: CVSS:3.0/E:H/RL:U/RC:X
Reference Information
BID: 10948