Back to search
CVE-2004-2020
Published: May 10, 2005
Modified: Aug 8, 2024
PUBLISHED
Description
Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers to inject arbitrary HTML or web script into the (1) optionbox parameter in the News module, (2) date parameter in the Statistics module, (3) year, month, and month_1 parameters in the Stories_Archive module, (4) mode, order, and thold parameters in the Surveys module, or (5) a SQL statement to index.php, as processed by mainfile.php.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.waraxe.us/index.php?modname=sa&id=29
x_refsource_MISC
6226
vdb-entry
x_refsource_OSVDB
10367
vdb-entry
x_refsource_BID
20040517 [waraxe-2004-SA#030 - Multiple vulnerabilities in PhpNuke 6.x - 7.3]
mailing-list
x_refsource_BUGTRAQ
6225
vdb-entry
x_refsource_OSVDB
phpnuke-multi-xss(16172)
vdb-entry
x_refsource_XF
11625
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now