Vulnerabilities > CVE-2004-2363 - Unspecified vulnerability in PHPx
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN phpx
exploit available
Summary
Validate-Before-Canonicalize vulnerability in the checkURI function in functions.inc.php in PHPX 3.0 through 3.2.6 allows remote attackers to conduct cross-site scripting (XSS) attacks via hex-encoded tags, which bypass the check for literal "<", ">", "(", and ")" characters, as demonstrated using the limit parameter to forums.php and a variety of other vectors.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | Phpx
| 20 |
Exploit-Db
| description | PHPX 3.x Multiple Cross-Site Scripting Vulnerabilities. CVE-2004-2363. Webapps exploit for php platform |
| id | EDB-ID:24083 |
| last seen | 2016-02-02 |
| modified | 2004-05-05 |
| published | 2004-05-05 |
| reporter | JeiAr |
| source | https://www.exploit-db.com/download/24083/ |
| title | PHPX 3.x - Multiple Cross-Site Scripting Vulnerabilities |