Vulnerabilities > CVE-2005-1000 - Unspecified vulnerability in Francisco Burzi PHP-Nuke 7.6

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
francisco-burzi
exploit available
NVD
Published: 2005-05-02
Updated: 2017-07-11

Summary

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the bid parameter to the EmailStats op in banners.pgp, (2) the ratenum parameter in the TopRated and MostPopular actions in the Web_Links module, (3) the ttitle parameter in the viewlinkdetails, viewlinkeditorial, viewlinkcomments, and ratelink actions in the Web_Links module, or (4) the username parameter in the Your_Account module.

Vulnerable Configurations

Part Description Count
Application
Francisco_Burzi
1

Exploit-Db

  • descriptionPHP-Nuke 7.6 Web_Links Module Multiple Cross-Site Scripting Vulnerabilities. CVE-2005-1000. Webapps exploit for php platform
    idEDB-ID:25342
    last seen2016-02-03
    modified2005-04-06
    published2005-04-06
    reporterMaksymilian Arciemowicz
    sourcehttps://www.exploit-db.com/download/25342/
    titlePHP-Nuke 7.6 Web_Links Module Multiple Cross-Site Scripting Vulnerabilities
  • descriptionPHP-Nuke 7.6 Banners.PHP Cross-Site Scripting Vulnerability. CVE-2005-1000. Webapps exploit for php platform
    idEDB-ID:25343
    last seen2016-02-03
    modified2005-04-06
    published2005-04-06
    reporterMaksymilian Arciemowicz
    sourcehttps://www.exploit-db.com/download/25343/
    titlePHP-Nuke 7.6 Banners.PHP Cross-Site Scripting Vulnerability
  • descriptionPHP-Nuke 6.x/7.x Your_Account Module Avatarcategory Cross-Site Scripting Vulnerability. CVE-2005-1000. Webapps exploit for php platform
    idEDB-ID:25340
    last seen2016-02-03
    modified2005-04-05
    published2005-04-05
    reporter[email protected]
    sourcehttps://www.exploit-db.com/download/25340/
    titlePHP-Nuke 6.x/7.x Your_Account Module Avatarcategory Cross-Site Scripting Vulnerability
  • descriptionPHP-Nuke 6.x/7.x Your_Account Module Username Cross-Site Scripting Vulnerability. CVE-2005-1000. Webapps exploit for php platform
    idEDB-ID:25339
    last seen2016-02-03
    modified2005-04-05
    published2005-04-05
    reporter[email protected]
    sourcehttps://www.exploit-db.com/download/25339/
    titlePHP-Nuke 6.x/7.x Your_Account Module Username Cross-Site Scripting Vulnerability

References