CVE-2006-2249 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in search.php in CuteNews 1.4.1 and earlier and possibly 1.4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) user (2) story or (3) title parameters.

Reference

http://neosecurityteam.net/index.php?action=advisories&id=21 http://secunia.com/advisories/20026 http://securityreason.com/securityalert/860 http://www.osvdb.org/25304 http://www.securityfocus.com/archive/1/433058/100/0/threaded http://www.securityfocus.com/bid/17850 http://www.vupen.com/english/advisories/2006/1683 https://exchange.xforce.ibmcloud.com/vulnerabilities/26270