CuteNews <= 1.3.6 Multiple XSS

low Nessus Plugin ID 17256

Synopsis

The remote web server contains several PHP scripts that are prone to multiple flaws, including possible arbitrary PHP code execution.

Description

According to its version number, the remote host is running a version of CuteNews that allows an attacker to inject arbitrary script through the variables 'X-FORWARDED-FOR' or 'CLIENT-IP' when adding a comment. On the one hand, an attacker can inject a client-side script that is executed by an administrator's browser when the administrator chooses to edit the added comment. On the other hand, an attacker with local access could leverage this flaw to run arbitrary PHP code in the context of the web server user.

Additionally, it suffers from a cross-site scripting flaw involving the 'search.php' script.

Solution

Unknown at this time.

See Also

http://www.kernelpanik.org/docs/kernelpanik/cutenews.txt

http://www.nessus.org/u?c580ee7f

Plugin Details

Severity: Low

ID: 17256

File Name: cutenews_ip_script_injection.nasl

Version: 1.23

Type: remote

Published: 3/2/2005

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Low

Base Score: 1.9

Temporal Score: 1.7

Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

Required KB Items: www/cutenews

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 3/1/2005

Reference Information

CVE: CVE-2005-0645, CVE-2005-2393

BID: 12691, 14328

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990