Vulnerability Note VU#247235

CuteSoft Cute Editor 6.4 reflected cross site scripting

Original Release date: 16 Aug 2012 | Last revised: 15 May 2013


CuteSoft Cute Editor 6.4, and possibly other versions, contains a reflected cross-site scripting (XSS) (CWE-79) vulnerability.


CuteSoft Cute Editor 6.4 has been reported to contain a reflected cross-site scripting (XSS) (CWE-79) vulnerability. The GET request parameter called _UploadID in InsertDocument.aspx is vulnerable to XSS.

Proof of Concept:


A remote attacker may be able to disclose sensitive information, steal user cookies, or escalate privileges.


Apply an Update

Cute Editor 6.6 addresses this vulnerability.
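
For sites reviewing exposure while still on an affected version, the following added example (not part of the original note and not CuteSoft code) scans web access logs for GET requests to InsertDocument.aspx whose _UploadID value falls outside a conservative allowlist. The log layout, the sample lines, the /editor/ path and the allowlist of expected characters are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: legitimate _UploadID values are short tokens of letters, digits, '-' and '_'.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{0,64}")
TARGET_PAGE = "/insertdocument.aspx"
PARAM = "_uploadid"

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded markup is not missed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_upload_ids(request_target):
    """Return decoded _UploadID values in a request target that fail the allowlist."""
    parts = urlsplit(request_target)
    if not parts.path.lower().endswith(TARGET_PAGE):
        return []
    hits = []
    # parse_qsl performs the first round of percent-decoding.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() == PARAM:
            value = fully_decode(value)
            if not SAFE_VALUE.fullmatch(value):
                hits.append(value)
    return hits

def scan_log(lines):
    """Yield (line_number, client_ip, value) for each flagged request.
    Assumed layout: date time client-ip method request-target status."""
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 6 or fields[3] != "GET":
            continue
        for value in suspicious_upload_ids(fields[4]):
            yield n, fields[2], value

# Constructed sample log lines (not real traffic; path is a placeholder).
SAMPLE = [
    "2012-08-16 10:00:01 192.0.2.10 GET /editor/InsertDocument.aspx?_UploadID=a1b2c3 200",
    "2012-08-16 10:00:05 192.0.2.44 GET /editor/InsertDocument.aspx?_UploadID=%22%3E%3Cb%3Etest 200",
    "2012-08-16 10:00:09 192.0.2.44 GET /editor/insertdocument.aspx?_uploadid=%253Cb%253E 200",
    "2012-08-16 10:00:12 192.0.2.10 GET /editor/Other.aspx?_UploadID=%3Cb%3E 200",
]

if __name__ == "__main__":
    for n, ip, value in scan_log(SAMPLE):
        print(f"line {n}: {ip} sent _UploadID={value!r}")
```

Tighten SAFE_VALUE to the format your deployment actually issues; a flagged line indicates a value worth reviewing, not proof of exploitation.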

Vendor Information

Vendor      Status      Date Notified   Date Updated
CuteSoft    Affected    03 Jul 2012     16 Aug 2012

CVSS Metrics

Group           Score   Vector
Base            3.5     AV:N/AC:M/Au:S/C:N/I:P/A:N
Temporal        2.8     E:POC/RL:U/RC:UC
Environmental   2.8     CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND



Thanks to the reporter who wishes to remain anonymous.

This document was written by Jared Allar.

Other Information

  • CVE IDs: CVE-2012-2985
  • Date Public: 16 Aug 2012
  • Date First Published: 16 Aug 2012
  • Date Last Updated: 15 May 2013
  • Document Revision: 17

