Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

CuteNews show_archives.php XSS

Medium

Synopsis

The remote host is running CuteNews, a news management system implemented in PHP.

Description

The remote host is running CuteNews, a news management system implemented in PHP. It is reported that this version of CuteNews is affected by a cross-site scripting (XSS) vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. An attacker may execute malicious code in a victim's browser and steal credentials on this site.

Solution

No solution is known at this time.