Vulnerabilities > CVE-2007-4212 - Unspecified vulnerability in PHPnuke PHP-Nuke

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

phpnuke

NVD

Published: 2007-08-08

Updated: 2024-11-21

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the Search Module in PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via a trailing "<" instead of a ">" in (1) the onerror attribute of an IMG element, (2) the onload attribute of an IFRAME element, or (3) redirect users to other sites via the META tag.

Vulnerable Configurations

Part	Description	Count
Application	Phpnuke Phpnuke PHP Nuke 7.3 Phpnuke PHP Nuke 7.4 Phpnuke PHP Nuke 7.1 Phpnuke PHP Nuke 7.9 Phpnuke PHP Nuke 8.0 Phpnuke PHP Nuke 7.5 Phpnuke PHP Nuke 7.2 Phpnuke PHP Nuke 7.7 Phpnuke PHP Nuke 7.8 Phpnuke PHP Nuke 7.0 Phpnuke PHP Nuke 7.6	11

References

http://osvdb.org/42538
http://osvdb.org/42538
http://securityreason.com/securityalert/2974
http://securityreason.com/securityalert/2974
http://www.securityfocus.com/archive/1/475249/100/0/threaded
http://www.securityfocus.com/archive/1/475249/100/0/threaded
http://www.securityfocus.com/bid/25171
http://www.securityfocus.com/bid/25171