CVE-2004-0660
published 2004-08-06
Priority P4 · 24 · medium · 6.8 CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 3.95% (89.1th percentile)
Cross-site scripting (XSS) vulnerability in (1) show_archives.php, (2) show_news.php, and possibly other php files in CuteNews 1.3.1 allows remote attackers to inject arbitrary script or HTML via the id parameter.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cutephp | cutenews | — | — |
| cutephp | cutenews | — | — |
| cutephp | cutenews | — | — |
No detection rules found.
Exploit-DB
CuteNews 1.3 - Comment HTML Injection
exploitdb·2004-07-19
---
source: https://www.securityfocus.com/bid/10750/info
CutePHP is reported prone to an HTML injection vulnerability.
The vulnerability exists due to insufficient sanitization of user-supplied input. Specifically, user-supplied input to comment posts is not sufficiently sanitized of malicious HTML code.
An attacker can exploit this vulnerability by adding HTML code within URI arguments. The hostile code may be rendered in the user's browser when the user views the entry.
Exploitation could permit an attacker to steal cookie-based authentication credentials or launch other attacks.
http://www.example.com/show_news.php?subaction=addcomment&name=UserName&comments=http://www.example.com&id=1078525267||1090074219|UserName|none|127.0.0.1|alert("exam
Exploit-DB
CuteNews 1.3.1 - 'show_archives.php' Cross-Site Scripting
exploitdb·2004-07-16
---
source: https://www.securityfocus.com/bid/10948/info
It is reported that CuteNews is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.
This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.
This vulnerability is reported to exist in version 1.3.1 of CuteNews. Other versions may also be affected.
http://www.example.c
Exploit-DB
CuteNews 0.88/1.3 - 'show_archives.php' Cross-Site Scripting
exploitdb·2004-06-28
---
source: https://www.securityfocus.com/bid/10620/info
It is reported that CuteNews is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input.
The problems present themselves when malicious HTML and script code is sent to the application through the 'id' parameter of multiple scripts.
These issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user.
http://www.example.com/show_archives.php?subaction=showcomments&id=alert(document.cookie);&archive=&start_from=&ucat=&&a
Exploit-DB
CuteNews 0.88/1.3 - 'example2.php' Cross-Site Scripting
exploitdb·2004-06-28
---
source: https://www.securityfocus.com/bid/10620/info
It is reported that CuteNews is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input.
The problems present themselves when malicious HTML and script code is sent to the application through the 'id' parameter of multiple scripts.
These issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user.
http://www.example.com/example2.php?subaction=showfull&id=alert(document.cookie);
Exploit-DB
CuteNews 0.88/1.3 - 'example1.php' Cross-Site Scripting
exploitdb·2004-06-28
---
source: https://www.securityfocus.com/bid/10620/info
It is reported that CuteNews is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input.
The problems present themselves when malicious HTML and script code is sent to the application through the 'id' parameter of multiple scripts.
These issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user.
http://www.example.com/example1.php?subaction=showfull&id=alert(document.cookie);
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=108844000409449&w=2
http://www.swp-zone.org/archivos/advisory-06.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/16525
Published: 2004-08-06