Vulnerabilities > CVE-2004-0265 - Cross-Site Scripting vulnerability in PHP-Nuke 'News' Module

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
francisco-burzi
exploit available

Summary

Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke 6.x-7.1.0 allows remote attackers to execute arbitrary script as other users via URL-encoded (1) title or (2) fname parameters in the News or Reviews modules.

Exploit-Db

descriptionPHP-Nuke 6.x/7.x 'Reviews' Module Cross-Site Scripting Vulnerability. CVE-2004-0265. Webapps exploit for php platform
idEDB-ID:23669
last seen2016-02-02
modified2004-02-09
published2004-02-09
reporterJanek Vind
sourcehttps://www.exploit-db.com/download/23669/
titlePHP-Nuke 6.x/7.x - 'Reviews' Module Cross-Site Scripting Vulnerability