Overview
CuteSoft Cute Editor 6.4, and possibly other verions, contains a reflected cross-site scripting (XSS) (CWE-79) vulnerability.
Description
CuteSoft Cute Editor 6.4 has been reported to contain a reflected cross-site scripting (XSS) (CWE-79) vulnerability. The GET request parameter called _UploadID in InsertDocument.aspx is vulnerable to XSS. |
Impact
A remote attacker may be able to disclose sensitive information, steal user cookies, or escalate privileges. |
Solution
Apply an Update Cute Editor 6.6 addresses this vulnerability. |
Vendor Information
247235
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 3.5 | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| Temporal | 2.8 | E:POC/RL:U/RC:UC |
| Environmental | 2.8 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
References
Acknowledgements
Thanks to the reporter who wishes to remain anonymous.
This document was written by Jared Allar.
Other Information
| CVE IDs: | CVE-2012-2985 |
| Date Public: | 2012-08-16 |
| Date First Published: | 2012-08-16 |
| Date Last Updated: | 2013-05-15 19:24 UTC |
| Document Revision: | 18 |