Required CVE Record Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in search.php in CuteNews 1.4.1 and earlier, and possibly 1.4.5, allow remote attackers to inject arbitrary web script or HTML via the (1) user, (2) story, or (3) title parameters.
References 8 Total
- vupen.com: ADV-2006-1683 vdb-entry
- securityreason.com: 860 third-party-advisory
- secunia.com: 20026 third-party-advisory
- securityfocus.com: 20060505 CuteNews 1.4.1 Multiple vulnerabilities mailing-list
- osvdb.org: 25304 vdb-entry
- http://neosecurityteam.net/index.php?action=advisories&id=21
- exchange.xforce.ibmcloud.com: cutenews-search-parameters-xss(26270) vdb-entry
- securityfocus.com: 17850 vdb-entry
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 8 Total
- vupen.com: ADV-2006-1683 vdb-entryx_transferred
- securityreason.com: 860 third-party-advisoryx_transferred
- secunia.com: 20026 third-party-advisoryx_transferred
- securityfocus.com: 20060505 CuteNews 1.4.1 Multiple vulnerabilities mailing-listx_transferred
- osvdb.org: 25304 vdb-entryx_transferred
- http://neosecurityteam.net/index.php?action=advisories&id=21 x_transferred
- exchange.xforce.ibmcloud.com: cutenews-search-parameters-xss(26270) vdb-entryx_transferred
- securityfocus.com: 17850 vdb-entryx_transferred