Vulnerabilities > Korn19 > UTF 8 Cutenews > 8b
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-12-02 | CVE-2009-4172 | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in index.php in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews 8 and 8b, when magic_quotes_gpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the body of a news article in an addnews action. | 2.6 |