Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2352

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2004-2352
Last Modified 05 Sep 2008 04:43:53
Published 31 Dec 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-2352

Summary

Cross-site scripting (XSS) vulnerability in GBook for PHP-Nuke 1.0 allows remote attackers to inject arbitrary web script or HTML via cookies that are stored in the $_COOKIE PHP variable, which is not cleansed by PHP-Nuke.

Vulnerable Systems

Application

  • Martin Bauer Gbook

  • Martin Bauer Gbook 1.4


References

XF - gbook-message-html-injection(15027)

BID - 9559

BUGTRAQ - 20040202 [waraxe-2004-SA#001] - Script injection in GBook for Php-Nuke ver. 1.0

SECTRACK - 1008930


Last Updated: 27 May 2016 10:39:26