Vulnerabilities > CVE-2006-2249 - Cross-Site Scripting vulnerability in CuteNews
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Multiple cross-site scripting (XSS) vulnerabilities in search.php in CuteNews 1.4.1 and earlier, and possibly 1.4.5, allow remote attackers to inject arbitrary web script or HTML via the (1) user, (2) story, or (3) title parameters.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 8 |
Exploit-Db
| description | CuteNews 1.4.1 search.php Multiple Parameter XSS. CVE-2006-2249. Webapps exploit for php platform |
| id | EDB-ID:27819 |
| last seen | 2016-02-03 |
| modified | 2006-05-05 |
| published | 2006-05-05 |
| reporter | NST |
| source | https://www.exploit-db.com/download/27819/ |
| title | CuteNews 1.4.1 - search.php Multiple Parameter XSS |
References
- http://neosecurityteam.net/index.php?action=advisories&id=21
- http://secunia.com/advisories/20026
- http://securityreason.com/securityalert/860
- http://www.osvdb.org/25304
- http://www.securityfocus.com/archive/1/433058/100/0/threaded
- http://www.securityfocus.com/bid/17850
- http://www.vupen.com/english/advisories/2006/1683
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26270