CVE-2005-1000

Loading...

General

Score:4.3/10.0
Severity:Low
Category:N/A
Exploit:Available

Impact Metrics

Confidentiality:None
Integrity:Partial
Availability:None

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Published on 02/05/05 - Updated on 11/07/17

Description

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the bid parameter to the EmailStats op in banners.pgp, (2) the ratenum parameter in the TopRated and MostPopular actions in the Web_Links module, (3) the ttitle parameter in the viewlinkdetails, viewlinkeditorial, viewlinkcomments, and ratelink actions in the Web_Links module, or (4) the username parameter in the Your_Account module.

Category:

There is insufficient information about the issue to classify it; details are unknown or unspecified.

Security Notices

US National Vulnerability DatabaseCVE-2005-1000

Exploits

Exploit-DBEDB-25339, EDB-25340, EDB-25342, EDB-25343

Relative technologies

VendorProduct
francisco_burziphp-nuke

Share this vulnerability with:

Twitter Facebook LinkedIn Mail