Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: CGI abuses --> Category: attack

Cutenews search.php Cross Site Scripting Vulerability Vulnerability Scan


Vulnerability Scan Summary
Tries to inject javascript code.

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP script that is affected by a
cross-site scripting issue.

Description:

The version of Cutenews installed on the remote host fails to sanitize
input to the 'search.php' script before using it to generate dynamic
HTML to be returned to the user. An unauthenticated attacker can
exploit this issue to execute a cross-site scripting attack.

This version of Cutenews is also likely affected by other associated
issues.

See also :

http://www.kapda.ir/advisory-450.html

Solution :

Unknown at this time.

Threat Level:

Low / CVSS Base Score : 1.9
(AV:R/AC:H/Au:NR/C:N/I:P/A:N/B:N)

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.