Lucene search
HistorySep 02, 2004 - 4:00 a.m.
CVE-2004-1659
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.7
Confidence
High
EPSS
0.003
Percentile
69.1%
Cross-site scripting (XSS) vulnerability in index.php in CuteNews 1.3.6 and earlier allows remote attackers with Administrator, Editor, Journalist or Commenter privileges to inject arbitrary web script or HTML via the mod parameter.
Affected configurations
Node
cutephpcutenewsMatch0.88
ORcutephpcutenewsMatch1.3
ORcutephpcutenewsMatch1.3.1
ORcutephpcutenewsMatch1.3.2
ORcutephpcutenewsMatch1.3.6
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cutephp | cutenews | 0.88 | cpe:2.3:a:cutephp:cutenews:0.88:*:*:*:*:*:*:* |
| cutephp | cutenews | 1.3 | cpe:2.3:a:cutephp:cutenews:1.3:*:*:*:*:*:*:* |
| cutephp | cutenews | 1.3.1 | cpe:2.3:a:cutephp:cutenews:1.3.1:*:*:*:*:*:*:* |
| cutephp | cutenews | 1.3.2 | cpe:2.3:a:cutephp:cutenews:1.3.2:*:*:*:*:*:*:* |
| cutephp | cutenews | 1.3.6 | cpe:2.3:a:cutephp:cutenews:1.3.6:*:*:*:*:*:*:* |
Related
openvas
openvas
CuteNews index.php XSS
2005-11-03 00:00:00
CuteNews index.php XSS
2005-11-03 00:00:00
nessus
nessus
CuteNews index.php mod Parameter XSS
2004-09-06 00:00:00
cve
cve
CVE-2004-1659
2005-02-20 05:00:00
exploitdb
exploitdb
CuteNews 0.88/1.3.x - 'index.php' Cross-Site Scripting
2004-09-02 00:00:00
cvelist
cvelist
CVE-2004-1659
2005-02-20 05:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.7
Confidence
High
EPSS
0.003
Percentile
69.1%
Related for NVD:CVE-2004-1659