Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to register.php; (2) the user parameter to search.php; the (3) cat_msg, (4) source_msg, (5) postponed_selected, (6) unapproved_selected, and (7) news_per_page parameters in a list action to the editnews module of index.php; and (8) the link tag in news comments. NOTE: some of the vulnerabilities require register_globals to be enabled and/or magic_quotes_gpc to be disabled.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Cutephp CuteNews多个跨站脚本漏洞
Vulnerability Description
Cutenews是一款功能强大的新闻管理系统,使用平坦式文件存储。 CuteNews中存在多个输入验证和访问验证等错误,远程攻击者可以执行跨站脚本、脚本注入、非授权访问等各种攻击,完全入侵有漏洞的系统。CuteNews允许远程攻击者注入任意WEB脚本或HTML代码利用1、register.php的result 参数2、search.php的 user 参数3、cat_msg4、source_msg5、postponed_selected 6、unapproved_selected 7、index.php中
CVSS Information
N/A
Vulnerability Type
N/A