Vulnerabilities > CVE-2004-1659 - Cross-Site Scripting vulnerability in CuteNews 'index.php'
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Cross-site scripting (XSS) vulnerability in index.php in CuteNews 1.3.6 and earlier allows remote attackers with Administrator, Editor, Journalist or Commenter privileges to inject arbitrary web script or HTML via the mod parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 5 |
Exploit-Db
description | CuteNews 0.88/1.3.x 'index.php' Cross-Site Scripting Vulnerability. CVE-2004-1659. Webapps exploit for php platform |
id | EDB-ID:24566 |
last seen | 2016-02-02 |
modified | 2004-09-02 |
published | 2004-09-02 |
reporter | Exoduks |
source | https://www.exploit-db.com/download/24566/ |
title | CuteNews 0.88/1.3.x - 'index.php' Cross-Site Scripting Vulnerability |
Nessus
NASL family | CGI abuses : XSS |
NASL id | CUTENEWS_INDEXPHP_XSS.NASL |
description | The version of CuteNews installed on the remote host is vulnerable to a cross-site scripting (XSS) attack. An attacker, exploiting this flaw, would need to be able to coerce a user to browse to a purposefully malicious URI. Upon successful exploitation, the attacker would be able to run code within the web-browser in the security context of the CuteNews server. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 14665 |
published | 2004-09-06 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/14665 |
title | CuteNews index.php mod Parameter XSS |