Vulnerabilities > CVE-2005-1027 - Cross-Site Scripting vulnerability in PHP-Nuke Modules.PHP Username URI Parameter
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x through 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in the Your_Account module, (2) avatarcategory parameter in the Your_Account module, or (3) lid parameter in the Downloads module.
Vulnerable Configurations
Exploit-Db
description | PHP-Nuke 6.x/7.x Downloads Module Lid Parameter Cross-Site Scripting Vulnerability. CVE-2005-1027. Webapps exploit for php platform |
id | EDB-ID:25341 |
last seen | 2016-02-03 |
modified | 2005-04-05 |
published | 2005-04-05 |
reporter | [email protected] |
source | https://www.exploit-db.com/download/25341/ |
title | PHP-Nuke 6.x/7.x Downloads Module Lid Parameter Cross-Site Scripting Vulnerability |