Vulnerabilities > CVE-2004-1659 - Cross-Site Scripting vulnerability in CuteNews 'index.php'

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

cutephp

nessus

exploit available

NVD

Published: 2004-09-02

Updated: 2017-07-11

Summary

Cross-site scripting (XSS) vulnerability in index.php in CuteNews 1.3.6 and earlier allows remote attackers with Administrator, Editor, Journalist or Commenter privileges to inject arbitrary web script or HTML via the mod parameter.

Vulnerable Configurations

Part	Description	Count
Application	Cutephp Cutephp Cutenews 0.88 Cutephp Cutenews 1.3 Cutephp Cutenews 1.3.1 Cutephp Cutenews 1.3.2 Cutephp Cutenews 1.3.6	5

Exploit-Db

description	CuteNews 0.88/1.3.x 'index.php' Cross-Site Scripting Vulnerability. CVE-2004-1659. Webapps exploit for php platform
id	EDB-ID:24566
last seen	2016-02-02
modified	2004-09-02
published	2004-09-02
reporter	Exoduks
source	https://www.exploit-db.com/download/24566/
title	CuteNews 0.88/1.3.x - 'index.php' Cross-Site Scripting Vulnerability

Nessus

NASL family	CGI abuses : XSS
NASL id	CUTENEWS_INDEXPHP_XSS.NASL
description	The version of CuteNews installed on the remote host is vulnerable to a cross-site scripting (XSS) attack. An attacker, exploiting this flaw, would need to be able to coerce a user to browse to a purposefully malicious URI. Upon successful exploitation, the attacker would be able to run code within the web-browser in the security context of the CuteNews server.
last seen	2020-06-01
modified	2020-06-02
plugin id	14665
published	2004-09-06
reporter	This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/14665
title	CuteNews index.php mod Parameter XSS

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References