CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2005-0645

Cross-site scripting (XSS) vulnerability in show.inc.php in cuteNews 1.3.6 allows remote attackers to inject arbitrary HTML, web script, and PHP code via the (1) CLIENT-IP or (2) X-FORWARDED-FOR header in an HTTP POST request to show_news.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 52.7%

CVSS Severity

CVSS v2 Score 4.3

References

http://marc.info/?l=bugtraq&m=110969774502370&w=2
http://www.kernelpanik.org/docs/kernelpanik/cutenews.txt
http://marc.info/?l=bugtraq&m=110969774502370&w=2
http://www.kernelpanik.org/docs/kernelpanik/cutenews.txt

Products affected by CVE-2005-0645

Cutephp » Cutenews » Version: 1.3.6

cpe:2.3:a:cutephp:cutenews:1.3.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2005-0645

Products

Pricing

Contact Us