CuteSoft Cute Editor 6.4, and possibly other verions, contains a reflected cross-site scripting (XSS) (CWE-79) vulnerability.
CuteSoft Cute Editor 6.4 has been reported to contain a reflected cross-site scripting (XSS) (CWE-79) vulnerability. The GET request parameter called
InsertDocument.aspx is vulnerable to XSS.
Proof of Concept:
A remote attacker may be able to disclose sensitive information, steal user cookies, or escalate privileges.
Apply an Update
Cute Editor 6.6 addresses this vulnerability.
Vendor| Status| Date Notified| Date Updated
CuteSoft| | 03 Jul 2012| 16 Aug 2012
If you are a vendor and your product is affected, let us know.
Group | Score | Vector
Base | 3.5 | AV:N/AC:M/Au:S/C:N/I:P/A:N
Temporal | 2.8 | E:POC/RL:U/RC:UC
Environmental | 2.8 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND
Thanks to the reporter who wishes to remain anonymous.
This document was written by Jared Allar.