Vulnerabilities > CVE-2005-1027 - Cross-Site Scripting vulnerability in PHP-Nuke Modules.PHP Username URI Parameter

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
francisco-burzi
exploit available

Summary

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x through 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in the Your_Account module, (2) avatarcategory parameter in the Your_Account module, or (3) lid parameter in the Downloads module.

Exploit-Db

descriptionPHP-Nuke 6.x/7.x Downloads Module Lid Parameter Cross-Site Scripting Vulnerability. CVE-2005-1027. Webapps exploit for php platform
idEDB-ID:25341
last seen2016-02-03
modified2005-04-05
published2005-04-05
reporter[email protected]
sourcehttps://www.exploit-db.com/download/25341/
titlePHP-Nuke 6.x/7.x Downloads Module Lid Parameter Cross-Site Scripting Vulnerability