Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2001-1524

Published: 31/12/2001 Updated: 10/09/2008
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 440
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Francisco Burzi

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload parameter in admin.php and (5) fname parameter in friend.php.

Vulnerable Product Search on Vulmon Subscribe to Product

francisco burzi php-nuke 3.0

francisco burzi php-nuke 5.0

francisco burzi php-nuke 5.1

francisco burzi php-nuke 5.2a

francisco burzi php-nuke 5.3.1

francisco burzi php-nuke 4.0

francisco burzi php-nuke 4.3

francisco burzi php-nuke 4.4

francisco burzi php-nuke 4.4.1a

francisco burzi php-nuke 5.0.1

francisco burzi php-nuke 5.2

Exploits

Exploit DB: PHP-Nuke 1.0/2.5/3.0/4.x/5.x/6.x/7.x - 'modules.php' Multiple Cross-Site Scripting Vulnerabilities
source: wwwsecurityfocuscom/bid/3609/info PHPNuke is a website creation/maintenance tool PHPNuke is prone to cross-site scripting attacks It is possible to create a link to the PHPNuke user information page, 'userphp', which contains malicious script code When the link is clicked by an unsuspecting web user, the malicious script co ...
Exploit DB: PHP-Nuke 1.0/2.5/3.0/4.x/5.x/6.x/7.x - 'user.php?uname' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/3609/info PHPNuke is a website creation/maintenance tool PHPNuke is prone to cross-site scripting attacks It is possible to create a link to the PHPNuke user information page, 'userphp', which contains malicious script code When the link is clicked by an unsuspecting web user, the malicious script code ...

References

NVD-CWE-Otherhttp://online.securityfocus.com/archive/82/243545http://online.securityfocus.com/archive/1/245691http://online.securityfocus.com/archive/1/245875http://online.securityfocus.com/archive/82/246603http://prdownloads.sourceforge.net/phpnuke/PHP-Nuke-5.5.tar.gzhttp://www.iss.net/security_center/static/7654.phphttp://www.securityfocus.com/bid/3609https://nvd.nist.govhttps://www.exploit-db.com/exploits/21166/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322CVE-2006-4304wirelessCVE-2023-23022local file inclusionCVE-2024-27058CVE-2024-33820open redirectCVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook