Vulnerabilities > CVE-2004-1913 - Multiple vulnerability in NukeCalendar

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

francisco-burzi

shiba-design

exploit available

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

Cross-site scripting (XSS) vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to inject arbitrary web script or HTML via the eid parameter.

Vulnerable Configurations

Part	Description	Count
Application	Francisco_Burzi Francisco Burzi PHP Nuke 8.0_Final	1
Application	Shiba-Design Shiba Design Nukecalendar 1.1.A	1

Exploit-Db

description	NukeCalendar 1.1 .a eid Parameter XSS. CVE-2004-1913. Webapps exploit for php platform
id	EDB-ID:23932
last seen	2016-02-02
modified	2004-04-08
published	2004-04-08
reporter	Janek Vind
source	https://www.exploit-db.com/download/23932/
title	NukeCalendar 1.1.a - eid Parameter XSS

Summary

Vulnerable Configurations

Exploit-Db

References