CuteNews search.php selected_search_arch Variable XSS

2005-07-19T04:33:38
ID OSVDB:18082
Type osvdb
Reporter rgod(retrogod@aliceposta.it)
Modified 2005-07-19T04:33:38

Description

Vulnerability Description

CuteNews contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'selected_search_arch' variable upon submission to the 'search.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

CuteNews contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'selected_search_arch' variable upon submission to the 'search.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[target]/[path]/search.php?selected_search_arch=><script>alert(document.cookie)</script><!-- http://[target]/[path]/search.php?selected_search_arch=%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E%3C%21--

References:

Vendor URL: http://cutephp.com/cutenews/ Security Tracker: 1014514 Secunia Advisory ID:16129 Related OSVDB ID: 18080 Related OSVDB ID: 18081 Nessus Plugin ID:17255 ISS X-Force ID: 21517 CVE-2005-2393