Vulnerability   
Search   
    Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2009-4249
Description:Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lastusername and (2) mod parameters to index.php; and (3) the title parameter to search.php.
Test IDs: None available
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2009-4249
BugTraq ID: 36971
http://www.securityfocus.com/bid/36971
Bugtraq: 20091110 [MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News (Google Search)
http://www.securityfocus.com/archive/1/507782/100/0/threaded
http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt
XForce ISS Database: cutenews-index-xss(54220)
https://exchange.xforce.ibmcloud.com/vulnerabilities/54220
XForce ISS Database: cutenews-lastusername-xss(54219)
https://exchange.xforce.ibmcloud.com/vulnerabilities/54219
XForce ISS Database: cutenews-search-xss(54222)
https://exchange.xforce.ibmcloud.com/vulnerabilities/54222




© 1998-2025 E-Soft Inc. All rights reserved.