Vulnerability Description
Cross-site scripting (XSS) vulnerability in index.php in CuteNews 1.3.6 and earlier allows remote attackers with Administrator, Editor, Journalist or Commenter privileges to inject arbitrary web script or HTML via the mod parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cutephp | Cutenews | 0.88 |
References
- http://marc.info/?l=bugtraq&m=109415338521881&w=2
- http://secunia.com/advisories/12432Vendor Advisory
- http://www.securityfocus.com/bid/11097ExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17214
- http://marc.info/?l=bugtraq&m=109415338521881&w=2
- http://secunia.com/advisories/12432Vendor Advisory
- http://www.securityfocus.com/bid/11097ExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17214
FAQ
What is CVE-2004-1659?
CVE-2004-1659 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in index.php in CuteNews 1.3.6 and earlier allows remote attackers with Administrator, Editor, Journalist or Commenter privileges to inject arbitrary web scrip...
How severe is CVE-2004-1659?
CVE-2004-1659 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1659?
Check the references section above for vendor advisories and patch information. Affected products include: Cutephp Cutenews.