CuteNews index.php lastusername Variable XSS

2005-07-19T04:33:38
ID OSVDB:18081
Type osvdb
Reporter rgod(retrogod@aliceposta.it)
Modified 2005-07-19T04:33:38

Description

Vulnerability Description

CuteNews contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'lastusername' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

CuteNews contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'lastusername' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[target]/[path]/index.php?lastusername='><script>alert(document.cookie)</script><!-- http://[target]/[path]/index.php?lastusername=%27%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E%3C%21--

References:

Vendor URL: http://cutephp.com/cutenews/ Security Tracker: 1014514 Secunia Advisory ID:16129 Related OSVDB ID: 18082 Related OSVDB ID: 18080 Nessus Plugin ID:17255 CVE-2005-2393