Vulnerability Details CVE-2004-1999
Cross-site scripting (XSS) vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to inject arbitrary HTML and web script via the (1) ttitle or (2) sid parameters to modules.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.5%
CVSS Severity
CVSS v2 Score 4.3
References
- http://marc.info/?l=bugtraq&m=108378804809891&w=2
- http://secunia.com/advisories/11553
- http://www.waraxe.us/index.php?modname=sa&id=27
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16073
- http://marc.info/?l=bugtraq&m=108378804809891&w=2
- http://secunia.com/advisories/11553
- http://www.waraxe.us/index.php?modname=sa&id=27
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16073
Products affected by CVE-2004-1999
-
cpe:2.3:a:francisco_burzi:php-nuke:6.0
-
cpe:2.3:a:francisco_burzi:php-nuke:6.5
-
cpe:2.3:a:francisco_burzi:php-nuke:6.6
-
cpe:2.3:a:francisco_burzi:php-nuke:6.7
-
cpe:2.3:a:francisco_burzi:php-nuke:6.8
-
cpe:2.3:a:francisco_burzi:php-nuke:6.9
-
cpe:2.3:a:francisco_burzi:php-nuke:7.0
-
cpe:2.3:a:francisco_burzi:php-nuke:7.1
-
cpe:2.3:a:francisco_burzi:php-nuke:7.2