• info
• discussion
• exploit
• solution
• references

CutePHP CuteNews Editnews Module Cross-Site Scripting Vulnerability

An exploit is not required.

The following proof-of-concept URI was provided:

http://www.example.com/index.php?mod=editnews&action=editnews&id=1145397112&source=[XSS]