5 matches found
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allow remote attackers to inject arbitrary web script or HTML via 1 the result parameter to register.php; 2 the user parameter to search.php; the 3 catmsg, 4 sourcemsg, 5 postponedselected, 6...
CVE-2009-4250
Multiple cross-site scripting XSS vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allow remote attackers to inject arbitrary web script or HTML via 1 the result parameter to register.php; 2 the user parameter to search.php; the 3 catmsg, 4 sourcemsg, 5 postponedselected, 6...
CVE-2009-4250
Multiple cross-site scripting XSS vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allow remote attackers to inject arbitrary web script or HTML via 1 the result parameter to register.php; 2 the user parameter to search.php; the 3 catmsg, 4 sourcemsg, 5 postponedselected, 6...
Directory traversal
Directory traversal vulnerability in the editnews module inc/editnews.mdu in index.php in CuteNews 1.4.1 allows remote attackers to read or modify files via the source parameter in the 1 editnews or 2 doeditnews action. NOTE: this can also produce resultant XSS when the target file does not exist...
CVE-2006-1925
Directory traversal vulnerability in the editnews module inc/editnews.mdu in index.php in CuteNews 1.4.1 allows remote attackers to read or modify files via the source parameter in the 1 editnews or 2 doeditnews action. NOTE: this can also produce resultant XSS when the target file does not exist...