CVE-2004-1659

Cutephp Cutenews - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in index.php in CuteNews 1.3.6 and earlier allows remote attackers with Administrator, Editor, Journalist or Commenter privileges to inject arbitrary web script or HTML via the mod parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Exoduks · textwebappsphp

https://www.exploit-db.com/exploits/24566

View Code ZIP pw:eip

References (4)

Core 4

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/12432

Exploit, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/11097

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=109415338521881&w=2

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/17214

Scores

EPSS 0.0066

EPSS Percentile 71.1%

Details

Status published

Products (5)

cutephp/cutenews 0.88

cutephp/cutenews 1.3

cutephp/cutenews 1.3.1

cutephp/cutenews 1.3.2

cutephp/cutenews 1.3.6

Published Sep 02, 2004

Tracked Since Feb 18, 2026