| Vulnerability Name: | CCN-16490 | ||||||
| Published: | 2004-06-22 | ||||||
| Updated: | 2004-06-22 | ||||||
| Summary: | PHP-Nuke is vulnerable to cross-site scripting. A remote attacker could submit a journal entry that contains malicious script embedded within the title field, which would be executed in the victim's Web browser within the security context of the hosting site, once the entry is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | ||||||
| CVSS v3 Severity: | 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||
| CVSS v2 Severity: | 2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.4 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:UR)
| ||||||
| Vulnerability Consequences: | Gain Access | ||||||
| References: | Source: CCN Type: Full-Disclosure Mailing List, Tue Jun 22 2004 - 18:59:10 CDT [waraxe-2004-SA#033 - Multiple security holes in PhpNuke - part 1] Source: CCN Type: BID-10595 PHP-Nuke Multiple Vulnerabilities Source: XF Type: UNKNOWN phpnuke-journal-entry-xss(16490) | ||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
| BACK | |||||||