Back to search
CVE-2004-2294
Published: Aug 4, 2005
Modified: Sep 17, 2024
PUBLISHED
Description
Canonicalize-before-filter error in the send_review function in the Reviews module for PHP-Nuke 6.0 to 7.3 allows remote attackers to inject arbitrary web script or HTML via hex-encoded XSS sequences in the text parameter, which is checked for dangerous sequences before it is canonicalized, leading to a cross-site scripting (XSS) vulnerability.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
6999
vdb-entry
x_refsource_OSVDB
11852
third-party-advisory
x_refsource_SECUNIA
20040611 [waraxe-2004-SA#032 - Multiple security flaws in PhpNuke 6.x - 7.3]
mailing-list
x_refsource_BUGTRAQ
10524
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now