Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload parameter in admin.php and (5) fname parameter in friend.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
francisco burzi php-nuke 3.0 |
||
francisco burzi php-nuke 5.0 |
||
francisco burzi php-nuke 5.1 |
||
francisco burzi php-nuke 5.2a |
||
francisco burzi php-nuke 5.3.1 |
||
francisco burzi php-nuke 4.0 |
||
francisco burzi php-nuke 4.3 |
||
francisco burzi php-nuke 4.4 |
||
francisco burzi php-nuke 4.4.1a |
||
francisco burzi php-nuke 5.0.1 |
||
francisco burzi php-nuke 5.2 |