Lucene search

[email protected]NVD:CVE-2009-4172

HistoryDec 02, 2009 - 7:30 p.m.

CVE-2009-4172

2009-12-0219:30:00

CWE-79

[email protected]

web.nvd.nist.gov

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.3%

JSON

Cross-site scripting (XSS) vulnerability in index.php in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews 8 and 8b, when magic_quotes_gpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the body of a news article in an addnews action.

Affected configurations

NVD

Node

cutephpcutenewsMatch1.4.6

korn19utf-8_cutenewsMatch8

korn19utf-8_cutenewsMatch8b

References

www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt

www.securityfocus.com/archive/1/507782/100/0/threaded

www.securityfocus.com/bid/36971

exchange.xforce.ibmcloud.com/vulnerabilities/54225

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.3%

JSON

Related for NVD:CVE-2009-4172

prion1 cvelist1 cve1 openvas2