Vulnerabilities > CVE-2004-1840 - Cross-Site Scripting vulnerability in PHP-Nuke MS-Analysis Module

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

francisco-burzi

NVD

Published: 2004-03-22

Updated: 2017-07-11

Summary

Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) screen parameter to modules.php, (2) module_name parameter to title.php, (3) sortby parameter to modules.php, or (4) overview parameter to modules.php.

Vulnerable Configurations

Part	Description	Count
Application	Francisco_Burzi Francisco Burzi PHP Nuke 6.5 Francisco Burzi PHP Nuke 6.5_Beta1 Francisco Burzi PHP Nuke 6.5_Final Francisco Burzi PHP Nuke 6.5_Rc1 Francisco Burzi PHP Nuke 6.5_Rc2 Francisco Burzi PHP Nuke 6.5_Rc3 Francisco Burzi PHP Nuke 6.6 Francisco Burzi PHP Nuke 6.7 Francisco Burzi PHP Nuke 6.9 Francisco Burzi PHP Nuke 7.0 Francisco Burzi PHP Nuke 7.0_Final	11

Summary

Vulnerable Configurations

References