Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2020

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2004-2020
Last Modified 05 Sep 2008 04:42:59
Published 31 Dec 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-2020

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers inject arbitrary HTML or web script into the (1) optionbox parameter in the News module, (2) date parameter in the Statistics module, (3) year, month, and month_1 parameters in the Stories_Archive module, (4) mode, order, and thold parameters in the Surveys module, or (5) a SQL statement to index.php, as processed by mainfile.php.

Vulnerable Systems

Application

  • Francisco Burzi Php-nuke 6.0

  • Francisco Burzi Php-nuke 6.5

  • Francisco Burzi Php-nuke 6.5 Beta1

  • Francisco Burzi Php-nuke 6.5 Final

  • Francisco Burzi Php-nuke 6.5 Rc1

  • Francisco Burzi Php-nuke 6.5 Rc2

  • Francisco Burzi Php-nuke 6.5 Rc3

  • Francisco Burzi Php-nuke 6.6

  • Francisco Burzi Php-nuke 6.7

  • Francisco Burzi Php-nuke 6.9

  • Francisco Burzi Php-nuke 7.0

  • Francisco Burzi Php-nuke 7.0 Final

  • Francisco Burzi Php-nuke 7.1

  • Francisco Burzi Php-nuke 7.2

  • Francisco Burzi Php-nuke 7.3


References

XF - phpnuke-multi-xss(16172)

MISC - http://www.waraxe.us/index.php?modname=sa&id=29

BID - 10367

SECUNIA - 11625

BUGTRAQ - 20040517 [waraxe-2004-SA#030 - Multiple vulnerabilities in PhpNuke 6.x - 7.3]

OSVDB - 6226

OSVDB - 6225


Last Updated: 27 May 2016 10:39:17