| Vulnerability Name: | CCN-16489 | ||||||
| Published: | 2004-06-22 | ||||||
| Updated: | 2004-06-22 | ||||||
| Summary: | PHP-Nuke is vulnerable to cross-site scripting in the Journal module, caused by improper filtering of user-supplied input. A remote attacker could embed malicious script in multiple variables in a specially-crafted URL request, which would be executed in the victim's Web browser within the security context of the hosting site, once the URL is clicked. An attacker could use this vulnerability to steal the administrators cookie-based authentication credentials. | ||||||
| CVSS v3 Severity: | 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||
| CVSS v2 Severity: | 2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.4 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:UR)
| ||||||
| Vulnerability Consequences: | Obtain Information | ||||||
| References: | Source: CCN Type: Full-Disclosure Mailing List, Tue Jun 22 2004 - 18:59:10 CDT [waraxe-2004-SA#033 - Multiple security holes in PhpNuke - part 1] Source: CCN Type: BID-10595 PHP-Nuke Multiple Vulnerabilities Source: XF Type: UNKNOWN phpnuke-journal-multiple-xss(16489) | ||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
| BACK | |||||||