Vulnerabilities > CVE-2004-2294 - Input Validation vulnerability in PHP-Nuke
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Canonicalize-before-filter error in the send_review function in the Reviews module for PHP-Nuke 6.0 to 7.3 allows remote attackers to inject arbitrary web script or HTML via hex-encoded XSS sequences in the text parameter, which is checked for dangerous sequences before it is canonicalized, leading to a cross-site scripting (XSS) vulnerability.
Vulnerable Configurations
Exploit-Db
description | PHP-Nuke 6.x/7.x Reviews Module Multiple Parameter XSS. CVE-2004-2294. Webapps exploit for php platform |
id | EDB-ID:24194 |
last seen | 2016-02-02 |
modified | 2004-06-11 |
published | 2004-06-11 |
reporter | Janek Vind |
source | https://www.exploit-db.com/download/24194/ |
title | PHP-Nuke 6.x/7.x Reviews Module Multiple Parameter XSS |