Vulnerabilities > CVE-2005-2814 - Cross-Site Scripting vulnerability in Flatnuke 2.5.6

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

flatnuke

exploit available

NVD

Published: 2005-09-07

Updated: 2017-07-11

Summary

Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the usr parameter in a vis_reg operation to index.php.

Vulnerable Configurations

Part	Description	Count
Application	Flatnuke Flatnuke Flatnuke 2.5.6	1

Exploit-Db

description	FlatNuke 2.5.6 USR Parameter Cross-Site Scripting Vulnerability. CVE-2005-2814. Webapps exploit for php platform
id	EDB-ID:26215
last seen	2016-02-03
modified	2005-08-31
published	2005-08-31
reporter	rgod
source	https://www.exploit-db.com/download/26215/
title	FlatNuke 2.5.6 USR Parameter Cross-Site Scripting Vulnerability

References

http://seclists.org/lists/bugtraq/2005/Aug/0440.html
http://securitytracker.com/id?1014824
http://www.securityfocus.com/bid/14704
https://exchange.xforce.ibmcloud.com/vulnerabilities/22101