Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1481

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-1481
Last Modified 21 Jun 2011 10:54:04
Published 20 Jun 2011 10:52:42
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-1481

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sender_name or (2) sender_email parameter in a Feedback action to modules.php.

Vulnerable Systems

Application

  • Phpnuke Php-nuke 5.0

  • Phpnuke Php-nuke 5.0.1

  • Phpnuke Php-nuke 5.1

  • Phpnuke Php-nuke 5.2

  • Phpnuke Php-nuke 5.3

  • Phpnuke Php-nuke 5.3.1

  • Phpnuke Php-nuke 5.4

  • Phpnuke Php-nuke 5.5

  • Phpnuke Php-nuke 5.6

  • Phpnuke Php-nuke 6.0

  • Phpnuke Php-nuke 6.5

  • Phpnuke Php-nuke 6.6

  • Phpnuke Php-nuke 6.7

  • Phpnuke Php-nuke 6.8

  • Phpnuke Php-nuke 6.9

  • Phpnuke Php-nuke 7.0

  • Phpnuke Php-nuke 7.1

  • Phpnuke Php-nuke 7.2

  • Phpnuke Php-nuke 7.3

  • Phpnuke Php-nuke 7.4

  • Phpnuke Php-nuke 7.5

  • Phpnuke Php-nuke 7.6

  • Phpnuke Php-nuke 7.7

  • Phpnuke Php-nuke 7.8

  • Phpnuke Php-nuke 7.9

  • Phpnuke Php-nuke 8.0


References

MISC - http://yehg.net/lab/pr0js/advisories/[phpnuke-8.x]_cross_site_scripting

MLIST - [oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x <= Cross Site Scripting Vulnerability

MLIST - [oss-security] 20110323 CVE Request: PHP-Nuke 8.x <= Cross Site Scripting Vulnerability


Last Updated: 27 May 2016 10:56:20