Nessus Plugin #12291
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
CuteNews show_news.php XSS
- Family:
- CGI abuses : XSS
- Category:
- attack
- Copyright:
- This script is Copyright (C) 2004 Noam Rathaus
- Summary:
- Checks for the presence of an XSS bug in CuteNews
- Version:
- $Revision: 1.6 $
- Cve_id:
- -
- Bugtraq_id:
- 10620, 10750
- Xrefs:
- OSVDB:7283, OSVDB:7284, OSVDB:7285, OSVDB:7286
- Description:
The remote host is using CuteNews - a news management system written in PHP.
There is a bug in this software which makes it vulnerable to cross site
scripting attacks.
An attacker may use this bug to steal the credentials of the legitimate users
of this site.
Solution : Upgrade to the latest version of this software
Risk factor: Medium
Generiert am 27.04.2005 um 18:49:54 Uhr.