Vulnerability Note VU#247235
CuteSoft Cute Editor 6.4 reflected cross site scripting
Overview
CuteSoft Cute Editor 6.4, and possibly other verions, contains a reflected cross-site scripting (XSS) (CWE-79) vulnerability.
Description
CuteSoft Cute Editor 6.4 has been reported to contain a reflected cross-site scripting (XSS) (CWE-79) vulnerability. The GET request parameter called _UploadID in InsertDocument.aspx is vulnerable to XSS. |
Impact
A remote attacker may be able to disclose sensitive information, steal user cookies, or escalate privileges. |
Solution
Apply an Update Cute Editor 6.6 addresses this vulnerability. |
Vendor Information (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| CuteSoft | Affected | 03 Jul 2012 | 16 Aug 2012 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | 3.5 | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| Temporal | 2.8 | E:POC/RL:U/RC:UC |
| Environmental | 2.8 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
References
Credit
Thanks to the reporter who wishes to remain anonymous.
This document was written by Jared Allar.
Other Information
- CVE IDs: CVE-2012-2985
- Date Public: 16 Aug 2012
- Date First Published: 16 Aug 2012
- Date Last Updated: 15 May 2013
- Document Revision: 17
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.