Vulnerability Note VU#247235
CuteSoft Cute Editor 6.4 reflected cross site scripting
CuteSoft Cute Editor 6.4, and possibly other verions, contains a reflected cross-site scripting (XSS) (CWE-79) vulnerability.
CuteSoft Cute Editor 6.4 has been reported to contain a reflected cross-site scripting (XSS) (CWE-79) vulnerability. The GET request parameter called _UploadID in InsertDocument.aspx is vulnerable to XSS.
A remote attacker may be able to disclose sensitive information, steal user cookies, or escalate privileges.
Apply an Update
Cute Editor 6.6 addresses this vulnerability.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|CuteSoft||Affected||03 Jul 2012||16 Aug 2012|
CVSS Metrics (Learn More)
Thanks to the reporter who wishes to remain anonymous.
This document was written by Jared Allar.
- CVE IDs: CVE-2012-2985
- Date Public: 16 Aug 2012
- Date First Published: 16 Aug 2012
- Date Last Updated: 15 May 2013
- Document Revision: 17
If you have feedback, comments, or additional information about this vulnerability, please send us email.