Lucene search
K

21 matches found

RedhatCVE
RedhatCVE
added 2025/12/07 6:5 a.m.8 views

CVE-2025-13656

The Cute News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'color' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...

6.4CVSS5AI score0.00201EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/06 6:30 a.m.5 views

EUVD-2025-201525

The Cute News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'color' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...

6.4CVSS4.7AI score0.00201EPSS
Exploits0References5
NVD
NVD
added 2025/12/06 6:15 a.m.4 views

CVE-2025-13656

The Cute News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'color' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...

6.4CVSS0.00201EPSS
Exploits0References4
CVE
CVE
added 2025/12/06 5:49 a.m.21 views

CVE-2025-13656

CVE-2025-13656 (Cute News Ticker, WordPress) is a stored cross-site scripting vulnerability in the Cute News Ticker plugin (WordPress) affecting versions up to 1.0. It stems from insufficient input sanitization and output escaping of the color shortcode attribute, allowing an authenticated attack...

6.4CVSS4.7AI score0.00201EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/06 5:49 a.m.2 views

CVE-2025-13656 Cute News Ticker <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute

The Cute News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'color' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...

6.4CVSS4.7AI score0.00201EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/06 5:49 a.m.24 views

CVE-2025-13656 Cute News Ticker <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute

The Cute News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'color' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...

6.4CVSS0.00201EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/06 12:0 a.m.4 views

WordPress plugin Cute News Ticker 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.7AI score0.00201EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2021/03/18 9:24 a.m.100 views

Exploit for Unrestricted Upload of File with Dangerous Type in Cutephp Cutenews

CVE-2019-11447 CutePHP Cute News 2.1.2 RCE PoC Target :...

8.8CVSS8.7AI score0.52901EPSS
Exploits10
OSV
OSV
added 2020/03/25 2:15 a.m.5 views

CVE-2020-5558

CuteNews 2.0.1 allows remote authenticated attackers to execute arbitrary PHP code via unspecified vectors...

8.8CVSS7.2AI score0.0205EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/03/24 8:42 a.m.4 views

CuteNews vulnerable to cross-site scripting

Overview Cute News provided by CutePHP.com is a system to manage news. Cute News contains a cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January 16, 2020, it was judged that an advisory for this...

6.1CVSS6.2AI score0.00773EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/03/24 8:40 a.m.3 views

Cute News vulnerable to PHP code execution

Overview Cute News provided by CutePHP.com is a system to manage news. Cute News contains a PHP code execution vulnerability CWE-94. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January 16, 2020, it was judged that an advisory for this...

9CVSS7.8AI score0.0205EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/03/24 12:0 a.m.95 views

JVN#58176087: Cute News vulnerable to PHP code execution

Cute News provided by CutePHP.com is a system to manage news. Cute News contains a PHP code execution vulnerability CWE-94. Impact A user who can login to CuteNews may execute arbitrary PHP code. Solution Consider stop using Cute News 2.1.2 Since the developer was unreachable, existence of any...

9CVSS9AI score0.0205EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/03/24 12:0 a.m.81 views

JVN#29095127: CuteNews vulnerable to cross-site scripting

Cute News provided by CutePHP.com is a system to manage news. Cute News contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user with a login privilege to the website that uses Cute News while accessing the website. Solution...

6.1CVSS6.1AI score0.00773EPSS
Exploits0
Packet Storm
Packet Storm
added 2012/06/27 12:0 a.m.31 views

Cute News 1.4.7 Cross Site Request Forgery

In The Name Of Allah +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Exploit Title:Cute News -Add admin CSRF Vulnerablity Date : 2012-06-26 Author : Black-Hole Vendor : http://cutephp.com/ Version: 1.4.7 E-Mail: Gigelaknak at Yahoo dot com Visit us:...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2009/11/17 12:0 a.m.55 views

Cute News XSS / LFI / Bypass

MorningStar Security - Advisory http://www.morningstarsecurity.com/ Multiple security issues in Cute News and UTF-8 Cute News 1. Advisory Information ------------------------------------------------------------------------------------------------------------------------ Title: Multiple security...

Exploits0
securityvulns
securityvulns
added 2009/11/11 12:0 a.m.130 views

[MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News

MorningStar Security - Advisory http://www.morningstarsecurity.com/ Multiple security issues in Cute News and UTF-8 Cute News 1. Advisory Information ------------------------------------------------------------------------------------------------------------------------ Title: Multiple security...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2009/11/10 12:0 a.m.65 views

CuteNews and UTF-8 CuteNews - Multiple Vulnerabilities

MorningStar Security - Advisory http://www.morningstarsecurity.com/ Multiple security issues in Cute News and UTF-8 Cute News 1. Advisory Information ------------------------------------------------------------------------------------------------------------------------ Title: Multiple security...

7.4AI score
Exploits0
0day.today
0day.today
added 2009/11/10 12:0 a.m.40 views

CuteNews and UTF-8 CuteNews Multiple Security Vulnerabilities

Exploit for unknown platform in category web applications ============================================================= CuteNews and UTF-8 CuteNews Multiple Security Vulnerabilities ============================================================= Multiple security issues in Cute News and UTF-8 Cute...

7.1AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2008/10/14 10:36 p.m.3 views

CVE-2008-4557

plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 aka Strawberry allows remote attackers to execute arbitrary PHP code via the text parameter, which is inserted into an executable regular expression...

10CVSS6.2AI score0.45338EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2007/03/02 9:18 p.m.4 views

CVE-2007-1153

Multiple PHP remote file inclusion vulnerabilities in CutePHP CuteNews 1.3.6 allow remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: issue might overlap...

7.5CVSS6.2AI score0.01799EPSS
Exploits1References3
Rows per page
Query Builder