CuteSoft Cute Editor 6.4, and possibly other verions, contains a reflected cross-site scripting (XSS) (CWE-79) vulnerability.
CuteSoft Cute Editor 6.4 has been reported to contain a reflected cross-site scripting (XSS) (CWE-79) vulnerability. The GET request parameter called _UploadID in InsertDocument.aspx is vulnerable to XSS.
A remote attacker may be able to disclose sensitive information, steal user cookies, or escalate privileges.
Apply an Update
Cute Editor 6.6 addresses this vulnerability.
Thanks to the reporter who wishes to remain anonymous.
This document was written by Jared Allar.
|Date First Published:||2012-08-16|
|Date Last Updated:||2013-05-15 19:24 UTC|