Описание
Cross-site scripting (XSS) vulnerability in index.php in CuteNews 1.3.6 and earlier allows remote attackers with Administrator, Editor, Journalist or Commenter privileges to inject arbitrary web script or HTML via the mod parameter.
Ссылки
- Vendor Advisory
- ExploitVendor Advisory
- Vendor Advisory
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:cutephp:cutenews:0.88:*:*:*:*:*:*:*
cpe:2.3:a:cutephp:cutenews:1.3:*:*:*:*:*:*:*
cpe:2.3:a:cutephp:cutenews:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:cutephp:cutenews:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:cutephp:cutenews:1.3.6:*:*:*:*:*:*:*
EPSS
Процентиль: 71%
0.00655
Низкий
4.3 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Cross-site scripting (XSS) vulnerability in index.php in CuteNews 1.3.6 and earlier allows remote attackers with Administrator, Editor, Journalist or Commenter privileges to inject arbitrary web script or HTML via the mod parameter.
EPSS
Процентиль: 71%
0.00655
Низкий
4.3 Medium
CVSS2
Дефекты
NVD-CWE-Other