Vulnerability Name: | CVE-2005-1000 (CCN-19952) | ||||||||
Assigned: | 2005-04-03 | ||||||||
Published: | 2005-04-03 | ||||||||
Updated: | 2017-07-11 | ||||||||
Summary: | Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the bid parameter to the EmailStats op in banners.pgp, (2) the ratenum parameter in the TopRated and MostPopular actions in the Web_Links module, (3) the ttitle parameter in the viewlinkdetails, viewlinkeditorial, viewlinkcomments, and ratelink actions in the Web_Links module, or (4) the username parameter in the Your_Account module. | ||||||||
CVSS v3 Severity: | 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: BUGTRAQ Type: Exploit, Vendor Advisory 20050404 [SECURITYREASON.COM] PhpNuke 7.6=>x Multiple vulnerabilities cXIb8O3.12 Source: CCN Type: BugTraq Mailing List, Mon Apr 04 2005 - 16:50:25 CDT PhpNuke 7.6=>x Multiple vulnerabilities cXIb8O3.12 Source: CCN Type: BugTraq Mailing List, Sun Apr 03 2005 - 16:17:23 CDT Full path disclosure and XSS in PHPNuke Source: MITRE Type: CNA CVE-2005-1000 Source: MITRE Type: CNA CVE-2005-1023 Source: BUGTRAQ Type: UNKNOWN 20050403 Full path disclosure and XSS in PHPNuke Source: CCN Type: OSVDB ID: 15398 PHP-Nuke Web_Links Module Multiple Parameter XSS Source: CCN Type: OSVDB ID: 15399 PHP-Nuke banners.php bid Parameter XSS Source: CCN Type: OSVDB ID: 15400 PHP-Nuke Your_Account Module Multiple Parameter XSS Source: CCN Type: OSVDB ID: 15419 PHP-Nuke Search Module min Parameter XSS Source: CCN Type: OSVDB ID: 6997 PHP-Nuke FAQ Module categories Parameter XSS Source: CCN Type: PHP-Nuke Web site PHP-Nuke Source: CCN Type: BID-12983 PHPNuke Multiple Module Cross-Site Scripting Vulnerabilities Source: CCN Type: BID-13007 PHP-Nuke Your_Account Module Username Cross-Site Scripting Vulnerability Source: CCN Type: BID-13025 PHP-Nuke Web_Links Module Multiple Cross-Site Scripting Vulnerabilities Source: CCN Type: BID-13026 PHP-Nuke Banners.PHP Cross-Site Scripting Vulnerability Source: CCN Type: SecurityReason-2005-SRA#04 Full path disclosure and XSS in PHPNuke Source: XF Type: UNKNOWN phpnuke-modulesphp-xss(19952) Source: XF Type: UNKNOWN phpnuke-modulesphp-xss(19952) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
BACK |