English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 73247 CVE descriptions
and 39212 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.56749
Category:CGI abuses : XSS
Title:CuteNews Multiple Cross-Site Scripting Vulnerabilities(2)
Summary:CuteNews Multiple Cross-Site Scripting Vulnerabilities(2)
Description:
The remote version of CuteNews, according to its version
number, is vulnerable to multiple cross site scripting
attacks involving the insufficient sanitization of user supplied
input.

Version 1.4.1, and possibly earlier versions, are vulnerable.

Solution : Upgrade to a later version.

Risk factor : High
Cross-Ref: BugTraq ID: 16740
BugTraq ID: 16961
BugTraq ID: 17592
BugTraq ID: 17700
BugTraq ID: 17850
Common Vulnerability Exposure (CVE) ID: CVE-2006-0885
Bugtraq: 20060221 [myimei]CuteNews1.4.1~ Add Comment For Protected UserNames~ XSS Attack (Google Search)
http://www.securityfocus.com/archive/1/425583
http://myimei.com/security/2006-02-20/cutenews141addcommentforprotectedusernamesxss-attack.html
http://www.securityfocus.com/bid/16740
http://www.vupen.com/english/advisories/2006/0685
http://www.osvdb.org/23400
http://secunia.com/advisories/18981
XForce ISS Database: cutenews-shownews-xss(24835)
http://xforce.iss.net/xforce/xfdb/24835
Common Vulnerability Exposure (CVE) ID: CVE-2006-1121
Bugtraq: 20060304 [KAPDA::#30] - CuteNews1.4.1 Cross_Site_Scripting Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/archive/1/426759/100/0/threaded
http://kapda.ir/advisory-277.html
http://www.securityfocus.com/bid/16961
http://securitytracker.com/id?1015726
http://securityreason.com/securityalert/531
XForce ISS Database: cutenews-index-script-xss(25052)
http://xforce.iss.net/xforce/xfdb/25052
Common Vulnerability Exposure (CVE) ID: CVE-2006-1925
Bugtraq: 20060418 CuteNews 1.4.1 <= Cross Site Scripting (Google Search)
http://www.securityfocus.com/archive/1/431340/30/0/threaded
Bugtraq: 20060420 Re: CuteNews 1.4.1 <= Cross Site Scripting (Google Search)
http://www.securityfocus.com/archive/1/archive/1/431528/100/0/threaded
http://www.securityfocus.com/bid/17592
http://securityreason.com/securityalert/775
XForce ISS Database: cutenews-index-source-xss(25935)
http://xforce.iss.net/xforce/xfdb/25935
Common Vulnerability Exposure (CVE) ID: CVE-2006-2249
Bugtraq: 20060505 CuteNews 1.4.1 Multiple vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/archive/1/433058/100/0/threaded
http://neosecurityteam.net/index.php?action=advisories&id=21
http://www.securityfocus.com/bid/17850
http://www.vupen.com/english/advisories/2006/1683
http://www.osvdb.org/25304
http://secunia.com/advisories/20026
http://securityreason.com/securityalert/860
XForce ISS Database: cutenews-search-parameters-xss(26270)
http://xforce.iss.net/xforce/xfdb/26270
CopyrightCopyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 39212 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.