CVE-2004-1659 Information

Description

Cross-site scripting (XSS) vulnerability in index.php in CuteNews 1.3.6 and earlier allows remote attackers with Administrator Editor Journalist or Commenter privileges to inject arbitrary web script or HTML via the mod parameter.

Reference

http://marc.info/?l=bugtraq&m=109415338521881&w=2 http://secunia.com/advisories/12432 http://www.securityfocus.com/bid/11097 https://exchange.xforce.ibmcloud.com/vulnerabilities/17214