Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0265

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2004-0265
Last Modified 05 Sep 2008 04:37:58
Published 23 Nov 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-0265

Summary

Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke 6.x-7.1.0 allows remote attackers to execute arbitrary script as other users via URL-encoded (1) title or (2) fname parameters in the News or Reviews modules.

Vulnerable Systems

Application

  • Francisco Burzi Php-nuke 6.0

  • Francisco Burzi Php-nuke 6.5

  • Francisco Burzi Php-nuke 6.5 Beta1

  • Francisco Burzi Php-nuke 6.5 Final

  • Francisco Burzi Php-nuke 6.5 Rc1

  • Francisco Burzi Php-nuke 6.5 Rc2

  • Francisco Burzi Php-nuke 6.5 Rc3

  • Francisco Burzi Php-nuke 6.6

  • Francisco Burzi Php-nuke 6.7

  • Francisco Burzi Php-nuke 6.9

  • Francisco Burzi Php-nuke 7.0

  • Francisco Burzi Php-nuke 7.0 Final

  • Francisco Burzi Php-nuke 7.1


References

XF - phpnuke-mulitple-xss(15076)

BID - 9613

BID - 9605

BUGTRAQ - 20040208 [waraxe-2004-SA#002] - Cross-Site Scripting (XSS) in Php-Nuke 7.1.0


Last Updated: 27 May 2016 10:38:32