Description
Cross-site scripting (XSS) vulnerability in (1) show_archives.php, (2) show_news.php, and possibly other PHP files in CuteNews 1.3.1 allows remote attackers to inject arbitrary script or HTML via the id parameter.
Exploits (5)
exploitdb
WORKING POC
VERIFIED
by DarkBicho · text · webapps · php
https://www.exploit-db.com/exploits/24290
exploitdb
WRITEUP
VERIFIED
by Debasis Mohanty · text · webapps · php
https://www.exploit-db.com/exploits/24372
References (3)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16525
Various Sources x_refsource_misc
http://www.swp-zone.org/archivos/advisory-06.txt
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=108844000409449&w=2
Scores
EPSS
0.0052
EPSS Percentile
66.9%
Details
Status
published
Products (3)
cutephp/cutenews 0.88
cutephp/cutenews 1.3
cutephp/cutenews 1.3.1
Published
Aug 06, 2004
Tracked Since
Feb 18, 2026