| Vulnerability Name: | CVE-2004-0265 (CCN-15076) | ||||||||
| Assigned: | 2004-02-08 | ||||||||
| Published: | 2004-02-08 | ||||||||
| Updated: | 2017-07-11 | ||||||||
| Summary: | Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke 6.x-7.1.0 allows remote attackers to execute arbitrary script as other users via URL-encoded (1) title or (2) fname parameters in the News or Reviews modules. | ||||||||
| CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Sun Feb 08 2004 - 14:13:24 CST Cross-Site Scripting (XSS) in Php-Nuke 7.1.0 Source: MITRE Type: CNA CVE-2004-0265 Source: BUGTRAQ Type: UNKNOWN 20040208 [waraxe-2004-SA#002] - Cross-Site Scripting (XSS) in Php-Nuke 7.1.0 Source: CCN Type: PHP-Nuke Web site PHP-Nuke Source: CCN Type: OSVDB ID: 3899 PHP-Nuke Reviews Module title Parameter XSS Source: CCN Type: OSVDB ID: 3900 PHP-Nuke News Module friend.php title Parameter XSS Source: CCN Type: BID-10755 PHP-Nuke Reviews Module "title" Parameter Cross-Site Scripting Vulnerability Source: BID Type: Exploit 9605 Source: CCN Type: BID-9605 PHP-Nuke News Module Cross-Site Scripting Vulnerability Source: BID Type: Exploit 9613 Source: CCN Type: BID-9613 PHP-Nuke Reviews Module Cross-Site Scripting Vulnerability Source: XF Type: UNKNOWN phpnuke-mulitple-xss(15076) Source: XF Type: UNKNOWN phpnuke-mulitple-xss(15076) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||