Lucene search

[email protected]CVE-2009-4172

HistoryDec 02, 2009 - 7:30 p.m.

CVE-2009-4172

2009-12-0219:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2009-4172

xss

cutephp

cutenews

vulnerability

web script

html

news article

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.3%

JSON

Cross-site scripting (XSS) vulnerability in index.php in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews 8 and 8b, when magic_quotes_gpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the body of a news article in an addnews action.

Affected configurations

NVD

Node

cutephpcutenewsMatch1.4.6

korn19utf-8_cutenewsMatch8

korn19utf-8_cutenewsMatch8b

CPENameOperatorVersion
cutephp:cutenewscutephp cutenewseq1.4.6
korn19:utf-8_cutenewskorn19 utf-8 cutenewseq8
korn19:utf-8_cutenewskorn19 utf-8 cutenewseq8b

CPE	Name	Operator	Version
cutephp:cutenews	cutephp cutenews	eq	1.4.6
korn19:utf-8_cutenews	korn19 utf-8 cutenews	eq	8
korn19:utf-8_cutenews	korn19 utf-8 cutenews	eq	8b

References

www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt

www.securityfocus.com/archive/1/507782/100/0/threaded

www.securityfocus.com/bid/36971

exchange.xforce.ibmcloud.com/vulnerabilities/54225

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.3%

JSON

Related for CVE-2009-4172

prion1 cvelist1 nvd1 openvas2