Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4212

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2007-4212
Last Modified 14 Oct 2009 01:02:12
Published 07 Aug 2007 10:17:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4212

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the Search Module in PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via a trailing "<" instead of a ">" in (1) the onerror attribute of an IMG element, (2) the onload attribute of an IFRAME element, or (3) redirect users to other sites via the META tag.

Vulnerable Systems

Application

  • Phpnuke Php-nuke 7.0

  • Phpnuke Php-nuke 7.1

  • Phpnuke Php-nuke 7.2

  • Phpnuke Php-nuke 7.3

  • Phpnuke Php-nuke 7.4

  • Phpnuke Php-nuke 7.5

  • Phpnuke Php-nuke 7.6

  • Phpnuke Php-nuke 7.7

  • Phpnuke Php-nuke 7.8

  • Phpnuke Php-nuke 7.9

  • Phpnuke Php-nuke 8.0


References

BID - 25171

BUGTRAQ - 20070801 PHP-Nuke (ALL versions) Multiple XSS and HTML injection

OSVDB - 42538

SREASON - 2974


Last Updated: 27 May 2016 10:45:48