{"vuid":"VU#247235","idnumber":"247235","name":"CuteSoft Cute Editor 6.4 reflected cross site scripting","keywords":["CuteSoft","Cute Editor",".NET","XSS"],"overview":"CuteSoft Cute Editor 6.4, and possibly other versions, contains a reflected cross-site scripting (XSS) (CWE-79) vulnerability.","clean_desc":"CuteSoft Cute Editor 6.4 has been reported to contain a reflected cross-site scripting (XSS) (CWE-79) vulnerability. The GET request parameter called _UploadID in InsertDocument.aspx is vulnerable to XSS. Proof of Concept: _UploadID=InputFileImage_1340289404744_15ff6c','unabletofind');alert(1)//167adfd47572ff250","impact":"A remote attacker may be able to disclose sensitive information, steal user cookies, or escalate privileges.","resolution":"Apply an Update: Cute Editor 6.6 addresses this vulnerability.","workarounds":"","sysaffected":"","thanks":"Thanks to the reporter who wishes to remain anonymous.","author":"This document was written by Jared Allar.","public":["http://cwe.mitre.org/data/definitions/79.html","http://cutesoft.net/ASP.NET+WYSIWYG+Editor/"],"cveids":["CVE-2012-2985"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2012-07-02T16:28:59Z","publicdate":"2012-08-16T00:00:00Z","datefirstpublished":"2012-08-16T19:12:30Z","dateupdated":"2013-05-15T19:24:44Z","revision":18,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"N","cvss_integrityimpact":"P","cvss_availabilityimpact":"N","cvss_exploitablity":null,"cvss_remediationlevel":"U","cvss_reportconfidence":"UC","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"ND","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"3.5","cvss_basevector":"AV:N/AC:M/Au:S/C:N/I:P/A:N","cvss_temporalscore":"2.8","cvss_environmentalscore":"2.8","cvss_environmentalvector":"CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}