CuteNews 1.3 Comment HTML Injection Vulnerability

ID SSV:78022
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.


CutePHP is reported prone to an HTML injection vulnerability.

The vulnerability exists due to insufficient sanitization of user-supplied input. Specifically, user-supplied input to comment posts are not sufficiently sanitized of malicious HTML code.

An attacker can exploit this vulnerability by adding HTML code within URI arguments. The hostile code may be rendered in the user's browser when the user views the entry.

Exploitation could permit an attacker to steal cookie-based authentication credentials or launch other attacks.||1090074219|UserName|none||<script>alert("example");</script>||