CuteNews <= 1.3.6 Multiple XSS / Code Execution

medium Nessus Network Monitor Plugin ID 2253

Synopsis

The remote host is vulnerable to a Cross-Site Scripting (XSS) attack.

Description

According to its version number, the remote host is running a version of CuteNews that allows an attacker to inject arbitrary script through the variables 'X-FORWARDED-FOR' or 'CLIENT-IP' when adding a comment. First, an attacker can inject a client-side script that is executed by an administrator's browser when the administrator chooses to edit the added comment. Second, an attacker with local access could leverage this flaw to run arbitrary PHP code in the context of the web server user. Additionally, this version of CuteNews suffers from a cross-site scripting flaw involving the 'search.php' script.

Solution

Upgrade or patch according to vendor recommendations.

See Also

http://www.kernelpanik.org/docs/kernelpanik/cutenews.txt

http://retrogod.altervista.org/cutenews.html

Plugin Details

Severity: Medium

ID: 2253

Family: Web Servers

Published: 9/3/2004

Updated: 3/6/2019

Nessus ID: 17256

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.9

Temporal Score: 5.9

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:H/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:cutephp:cutenews

Reference Information

CVE: CVE-2004-1659, CVE-2005-0645

BID: 11097, 12691, 14328