A remote script injection vulnerability affects CutePHP CuteNews. This issue is due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical functionality.
An attacker may leverage this issue to inject arbitrary server-side scripts locally and client-side scripts remotely, potentially facilitating code execution with the privileges of the affected Web server and cross-site scripting attacks.
POST http://localhost/cutenews/show_news.php?subaction=showcomments&id=1108372700&archive=&start_from=&ucat= HTTP/1.1
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041111 Firefox/1.0