Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5039


Vulnerability Score 4.3 4.3
CVE Id CVE-2008-5039
Last Modified 30 Apr 2009 01:29:57
Published 12 Nov 2008 04:09:03
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



Cross-site scripting (XSS) vulnerability in the League module for PHP-Nuke, possibly 2.4, allows remote attackers to inject arbitrary web script or HTML via the tid parameter in a team action to modules.php.

Vulnerable Systems


  • Php-nuke League Module

  • Php-nuke League Module 2.4


XF - nukeleague-module-sql-injection(46154)

BID - 31952

BUGTRAQ - 20081028 PHP-Nuke Module League (team&tid) XSS Vulnerability

SREASON - 4575

Last Updated: 27 May 2016 10:48:42