Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1524

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2001-1524
Last Modified 10 Sep 2008 03:10:53
Published 31 Dec 2001 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2001-1524

Summary

Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload parameter in admin.php and (5) fname parameter in friend.php.

Vulnerable Systems

Application

  • Francisco Burzi Php-nuke 3.0

  • Francisco Burzi Php-nuke 4.0

  • Francisco Burzi Php-nuke 4.3

  • Francisco Burzi Php-nuke 4.4

  • Francisco Burzi Php-nuke 4.4.1a

  • Francisco Burzi Php-nuke 5.0

  • Francisco Burzi Php-nuke 5.0.1

  • Francisco Burzi Php-nuke 5.1

  • Francisco Burzi Php-nuke 5.2

  • Francisco Burzi Php-nuke 5.2a

  • Francisco Burzi Php-nuke 5.3.1


References

CONFIRM - http://prdownloads.sourceforge.net/phpnuke/PHP-Nuke-5.5.tar.gz

XF - phpnuke-postnuke-css(7654)

BID - 3609


Last Updated: 27 May 2016 10:36:42