Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2249

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2006-2249
Last Modified 07 Mar 2011 09:35:49
Published 09 May 2006 06:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-2249

Summary

Multiple cross-site scripting (XSS) vulnerabilities in search.php in CuteNews 1.4.1 and earlier, and possibly 1.4.5, allow remote attackers to inject arbitrary web script or HTML via the (1) user, (2) story, or (3) title parameters.

Vulnerable Systems

Application

  • Cutephp Cutenews 0.88

  • Cutephp Cutenews 1.3

  • Cutephp Cutenews 1.3.1

  • Cutephp Cutenews 1.3.2

  • Cutephp Cutenews 1.3.6

  • Cutephp Cutenews 1.4.0

  • Cutephp Cutenews 1.4.1

  • Cutephp Cutenews 1.4.5


References

VUPEN - ADV-2006-1683

BID - 17850

BUGTRAQ - 20060505 CuteNews 1.4.1 Multiple vulnerabilities

SECUNIA - 20026

MISC - http://neosecurityteam.net/index.php?action=advisories&id=21

XF - cutenews-search-parameters-xss(26270)

OSVDB - 25304

SREASON - 860


Last Updated: 27 May 2016 10:42:24