Vulnerabilities > CVE-2004-2354 - Cross-Site Scripting vulnerability in 4Nguestbook

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

francisco-burzi

warpspeed

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 through 6.9 allows remote attackers to modify SQL statements via the entry parameter to modules.php, which can also facilitate cross-site scripting (XSS) attacks when MySQL errors are triggered.

Vulnerable Configurations

Part	Description	Count
Application	Francisco_Burzi Francisco Burzi PHP Nuke 6.5 Francisco Burzi PHP Nuke 6.5_Beta1 Francisco Burzi PHP Nuke 6.5_Final Francisco Burzi PHP Nuke 6.5_Rc1 Francisco Burzi PHP Nuke 6.5_Rc2 Francisco Burzi PHP Nuke 6.5_Rc3 Francisco Burzi PHP Nuke 6.6 Francisco Burzi PHP Nuke 6.7 Francisco Burzi PHP Nuke 6.9	9
Application	Warpspeed Warpspeed 4Nguestbook 0.92	1

Summary

Vulnerable Configurations

References