Vulnerability Name:
CVE-2011-1481 (CCN-66279)
Assigned:
2011-03-23
Published:
2011-03-23
Updated:
2018-08-13
Summary:
Multiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sender_name or (2) sender_email parameter in a Feedback action to modules.php.
CVSS v3 Severity:
5.3 Medium
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
Low
Availibility (A):
None
CVSS v2 Severity:
4.3 Medium
(CVSS v2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
)
4.1 Medium
(Temporal CVSS v2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:UR
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Medium
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
Partial
Availibility (A):
None
4.3 Medium
(CCN CVSS v2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
)
4.1 Medium
(CCN Temporal CVSS v2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:UR
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Medium
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
Partial
Availibility (A):
None
Vulnerability Type:
CWE-79
Vulnerability Consequences:
Gain Access
References:
Source: MITRE
Type: CNA
CVE-2011-1481
Source: CCN
Type: Packetstorm Security Website
PHP-Nuke 8.x Cross Site Scripting
Source: MLIST
Type: Exploit
[oss-security] 20110323 CVE Request: PHP-Nuke 8.x <= Cross Site Scripting Vulnerability
Source: MLIST
Type: Exploit
[oss-security] 20110330 Re: CVE Request: PHP-Nuke 8.x <= Cross Site Scripting Vulnerability
Source: CCN
Type: OSVDB ID: 72121
PHP-Nuke Search modules.php search Field XSS
Source: CCN
Type: PHP-Nuke Web site
PHP-Nuke
Source: CCN
Type: BID-47001
PHP-Nuke 'Feedback' Multiple Cross Site Scripting Vulnerabilities
Source: MISC
Type: Broken Link
http://yehg.net/lab/pr0js/advisories/[phpnuke-8.x]_cross_site_scripting
Source: XF
Type: UNKNOWN
phpnuke-modules-feedback-xss(66279)
Vulnerable Configuration:
Configuration 1
:
cpe:/a:phpnuke:php-nuke:5.0:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:5.0.1:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:5.1:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:5.2:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:5.3:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:5.3.1:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:5.4:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:5.5:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:5.6:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:6.0:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:6.5:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:6.6:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:6.7:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:6.8:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:6.9:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:7.0:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:7.1:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:7.2:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:7.3:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:7.4:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:7.5:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:7.6:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:7.7:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:7.8:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:7.9:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:*:*:*:*:*:*:*:*
(Version <= 8.0)
Configuration CCN 1
:
cpe:/a:phpnuke:php-nuke:5.0:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:7.0:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:7.4:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:7.6:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:7.5:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:7.8:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:7.9:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:7.7:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:8.0:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:7.1:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:7.2:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:7.3:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:8.0.0:final:*:*:*:*:*:*
Denotes that component is vulnerable
BACK
phpnuke
php-nuke 5.0
phpnuke
php-nuke 5.0.1
phpnuke
php-nuke 5.1
phpnuke
php-nuke 5.2
phpnuke
php-nuke 5.3
phpnuke
php-nuke 5.3.1
phpnuke
php-nuke 5.4
phpnuke
php-nuke 5.5
phpnuke
php-nuke 5.6
phpnuke
php-nuke 6.0
phpnuke
php-nuke 6.5
phpnuke
php-nuke 6.6
phpnuke
php-nuke 6.7
phpnuke
php-nuke 6.8
phpnuke
php-nuke 6.9
phpnuke
php-nuke 7.0
phpnuke
php-nuke 7.1
phpnuke
php-nuke 7.2
phpnuke
php-nuke 7.3
phpnuke
php-nuke 7.4
phpnuke
php-nuke 7.5
phpnuke
php-nuke 7.6
phpnuke
php-nuke 7.7
phpnuke
php-nuke 7.8
phpnuke
php-nuke 7.9
phpnuke
php-nuke *
phpnuke
php-nuke 5.0
phpnuke
php-nuke 7.0
phpnuke
php-nuke 7.4
phpnuke
php-nuke 7.6
phpnuke
php-nuke 7.5
phpnuke
php-nuke 7.8
phpnuke
php-nuke 7.9
phpnuke
php-nuke 7.7
phpnuke
php-nuke 8.0
phpnuke
php-nuke 7.1
phpnuke
php-nuke 7.2
phpnuke
php-nuke 7.3
phpnuke
php-nuke 8.0.0 final
Denotes that component is vulnerable