Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remote attackers to inject arbitrary web script or HTML via (1) the lastusername parameter to index.php or (2) selected_search_arch parameter to search.php.
Software | From | Fixed in |
---|---|---|
cutephp / cutenews | 1.3.6 | 1.3.6.x |