Cutenews@1.3 Security Vulnerabilities and Issues — Cutenews@1.3 CVE List

Lucene search

CutephpCutenews1.3

3 matches found

CVE•added 2005/02/20 5:0 a.m.•56 views

CVE-2004-1659

Cross-site scripting (XSS) vulnerability in index.php in CuteNews 1.3.6 and earlier allows remote attackers with Administrator, Editor, Journalist or Commenter privileges to inject arbitrary web script or HTML via the mod parameter.

4.3CVSS5.7AI score0.00655EPSS

CVE•added 2005/02/20 5:0 a.m.•44 views

CVE-2004-1573

The documentation for AJ-Fork 167 implies that users should set permissions for users.db.php to 777, which allows local users to execute arbitrary PHP code and gain privileges as the administrator.

7.2CVSS7.8AI score0.00036EPSS

CVE•added 2005/09/21 8:3 p.m.•33 views

CVE-2005-3009

Cross-site scripting (XSS) vulnerability in CuteNews allows remote attackers to inject arbitrary web script or HTML via the mod parameter to index.php.

4.3CVSS6AI score0.00335EPSS