Back to search
CVE-2001-1524
Published: Jul 14, 2005
Modified: Aug 8, 2024
PUBLISHED
Description
Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload parameter in admin.php and (5) fname parameter in friend.php.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20011215 PHPNuke holes
mailing-list
x_refsource_BUGTRAQ
20011220 1 last CSS hole in PHPNuke :)
mailing-list
x_refsource_VULN-DEV
phpnuke-postnuke-css(7654)
vdb-entry
x_refsource_XF
20011216 Phpnuke module.php vulnerability and php error_reporting issue
mailing-list
x_refsource_BUGTRAQ
http://prdownloads.sourceforge.net/phpnuke/PHP-Nuke-5.5.tar.gz
x_refsource_CONFIRM
20011203 Phpnuke Cross site scripting vulnerability
mailing-list
x_refsource_BUGTRAQ
3609
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now