CVE-2009-4250 — MEDIUM (4.3)

Q: How severe is CVE-2009-4250?

CVE-2009-4250 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2009-4250?

Check the references section above for vendor advisories and patch information. Affected products include: Cutephp Cutenews, Korn19 Utf-8 Cutenews.

Vulnerability Description

Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to register.php; (2) the user parameter to search.php; the (3) cat_msg, (4) source_msg, (5) postponed_selected, (6) unapproved_selected, and (7) news_per_page parameters in a list action to the editnews module of index.php; and (8) the link tag in news comments. NOTE: some of the vulnerabilities require register_globals to be enabled and/or magic_quotes_gpc to be disabled.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Cutephp	Cutenews	1.4.6
Korn19	Utf-8 Cutenews	<= 8

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2009-4250?

CVE-2009-4250 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to...

How severe is CVE-2009-4250?

CVE-2009-4250 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-4250?

Check the references section above for vendor advisories and patch information. Affected products include: Cutephp Cutenews, Korn19 Utf-8 Cutenews.