Vulnerabilities > CVE-2007-4212 - Cross-Site Scripting vulnerability in PHP-Nuke Search Module
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE network
phpnuke
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Search Module in PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via a trailing "<" instead of a ">" in (1) the onerror attribute of an IMG element, (2) the onload attribute of an IFRAME element, or (3) redirect users to other sites via the META tag.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 11 |