[KAPDA::#30] - CuteNews1.4.1 Cross_Site_Scripting Vulnerability

[KAPDA::#30] - CuteNews1.4.1 Cross_Site_Scripting Vulnerability

KAPDA New advisory

Vulnerable products : CuteNews1.4.1
Vendor: www.cutephp.com
Risk: Low
Vulnerabilities: Cross_Site_Scripting
Discoverd by Roozbeh Afrasiabi and imei addmimistrator
roozbeh_afrasiabi[at]yahoo[dot]com
www.kapda.ir
www.persiax.com

Date :
--------------------
Found : N/A
Vendor Contacted : N/A

About :
--------------------
"Cute news is a powerful and easy for using news management system that use 
flat files to store its database. It supports comments, archives, 
search function, image uploading,backup function, IP banning, flood protection 
..." (from cutephp.org)

Vulnerability:
--------------------
Cross_Site_Scripting :

CuteNews is affected by a cross-site scripting vulnerability.This issue is due 
to the failure of the application to properly sanitize user-
supplied input.

As a result of this vulnerability, it is possible for a remote attacker to 
create a malicious link containing script code that will be executed in the 
browser of an unsuspecting user when followed.

Detail and PoC :
--------------------
please view original advisory for more info

Solution :
--------------------
N/A

Original Advisory :
--------------------
http://kapda.ir/advisory-277.html

Credit :
--------------------
Discoverd by Roozbeh Afrasiabi and imei addmimistrator
roozbeh_afrasiabi@yahoo.com
Kapda
Security Science Researchers Insitute
www.kapda.ir
www.persiax.com