Vulnerabilities > CVE-2006-0185 - Modules IMG Tag HTML Injection vulnerability in PHP-Nuke News Module and Pool Module

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
php-nuke
exploit available
NVD
Published: 2006-01-12
Updated: 2011-03-08

Summary

Multiple cross-site scripting vulnerabilities in the (1) Pool or (2) News Modules in Php-Nuke allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag.

Vulnerable Configurations

Part Description Count
Application
Php-Nuke
2

Exploit-Db

descriptionPHP-Nuke News Submission Story Text Field XSS. CVE-2006-0185. Webapps exploit for php platform
idEDB-ID:27060
last seen2016-02-03
modified2006-01-09
published2006-01-09
reporternight_warrior771
sourcehttps://www.exploit-db.com/download/27060/
titlePHP-Nuke News Submission Story Text Field XSS

References