Vulnerabilities > CVE-2005-1000 - Unspecified vulnerability in Francisco Burzi PHP-Nuke 7.6
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the bid parameter to the EmailStats op in banners.pgp, (2) the ratenum parameter in the TopRated and MostPopular actions in the Web_Links module, (3) the ttitle parameter in the viewlinkdetails, viewlinkeditorial, viewlinkcomments, and ratelink actions in the Web_Links module, or (4) the username parameter in the Your_Account module.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description PHP-Nuke 7.6 Web_Links Module Multiple Cross-Site Scripting Vulnerabilities. CVE-2005-1000. Webapps exploit for php platform id EDB-ID:25342 last seen 2016-02-03 modified 2005-04-06 published 2005-04-06 reporter Maksymilian Arciemowicz source https://www.exploit-db.com/download/25342/ title PHP-Nuke 7.6 Web_Links Module Multiple Cross-Site Scripting Vulnerabilities description PHP-Nuke 7.6 Banners.PHP Cross-Site Scripting Vulnerability. CVE-2005-1000. Webapps exploit for php platform id EDB-ID:25343 last seen 2016-02-03 modified 2005-04-06 published 2005-04-06 reporter Maksymilian Arciemowicz source https://www.exploit-db.com/download/25343/ title PHP-Nuke 7.6 Banners.PHP Cross-Site Scripting Vulnerability description PHP-Nuke 6.x/7.x Your_Account Module Avatarcategory Cross-Site Scripting Vulnerability. CVE-2005-1000. Webapps exploit for php platform id EDB-ID:25340 last seen 2016-02-03 modified 2005-04-05 published 2005-04-05 reporter [email protected] source https://www.exploit-db.com/download/25340/ title PHP-Nuke 6.x/7.x Your_Account Module Avatarcategory Cross-Site Scripting Vulnerability description PHP-Nuke 6.x/7.x Your_Account Module Username Cross-Site Scripting Vulnerability. CVE-2005-1000. Webapps exploit for php platform id EDB-ID:25339 last seen 2016-02-03 modified 2005-04-05 published 2005-04-05 reporter [email protected] source https://www.exploit-db.com/download/25339/ title PHP-Nuke 6.x/7.x Your_Account Module Username Cross-Site Scripting Vulnerability