| Vulnerability Name: | CCN-16346 | ||||||
| Published: | 2004-06-07 | ||||||
| Updated: | 2004-06-07 | ||||||
| Summary: | PHP-Nuke is vulnerable to cross-site scripting, caused by improper filtering of user-supplied input. A remote attacker could embed malicious script within the id and title variables of the Reviews module in a specially-crafted URL request, which would be executed in the victim's Web browser within the security context of the hosting site, once the URL is clicked. An attacker could use this vulnerability to steal the administrators cookie-based authentication credentials. | ||||||
| CVSS v3 Severity: | 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||
| CVSS v2 Severity: | 2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.4 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:UR)
| ||||||
| Vulnerability Consequences: | Obtain Information | ||||||
| References: | Source: CCN Type: BugTraq Mailing List, Mon Jun 07 2004 - 16:30:38 CDT Multiple vulnerabilities PHP-Nuke Source: CCN Type: BID-10493 PHP-Nuke Reviews Module Cross-Site Scripting Vulnerability Source: XF Type: UNKNOWN phpnuke-postcomment-xss(16346) | ||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
| BACK | |||||||