ID de Prueba:	1.3.6.1.4.1.25623.1.0.14318
Categoría:	Web application abuses
Título:	CuteNews < 1.3.2 XSS Vulnerability
Resumen:	CuteNews is prone to a cross-site scripting (XSS); vulnerability.
Descripción:	Summary: CuteNews is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: The version of CuteNews on the remote host fails to sanitize input to the 'archive' parameter of the 'show_archives.php' script. An attacker, exploiting this flaw, would need to be able to coerce a user to browse to a purposefully malicious URI. Upon successful exploitation, the attacker would be able to run code within the web-browser in the security context of the CuteNews server. Solution: Update to version 1.3.2 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0660 Bugtraq: 20040628 Cross-Site Scripting CuteNews (Google Search) http://marc.info/?l=bugtraq&m=108844000409449&w=2 http://www.swp-zone.org/archivos/advisory-06.txt XForce ISS Database: cutenews-id-xss(16525) https://exchange.xforce.ibmcloud.com/vulnerabilities/16525
Copyright	Copyright (C) 2004 David Maciejak

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.