CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2004-2293

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter. NOTE: the Faq/categories and Encyclopedia/ltr issues are already covered by CVE-2005-1023.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 18.4%

CVSS Severity

CVSS v2 Score 4.3

References

Products affected by CVE-2004-2293

Francisco Burzi » Php-Nuke » Version: 6.0

cpe:2.3:a:francisco_burzi:php-nuke:6.0
Francisco Burzi » Php-Nuke » Version: 6.5

cpe:2.3:a:francisco_burzi:php-nuke:6.5
Francisco Burzi » Php-Nuke » Version: 6.5_beta1

cpe:2.3:a:francisco_burzi:php-nuke:6.5_beta1
Francisco Burzi » Php-Nuke » Version: 6.5_final

cpe:2.3:a:francisco_burzi:php-nuke:6.5_final
Francisco Burzi » Php-Nuke » Version: 6.5_rc1

cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc1
Francisco Burzi » Php-Nuke » Version: 6.5_rc2

cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc2
Francisco Burzi » Php-Nuke » Version: 6.5_rc3

cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc3
Francisco Burzi » Php-Nuke » Version: 6.6

cpe:2.3:a:francisco_burzi:php-nuke:6.6
Francisco Burzi » Php-Nuke » Version: 6.7

cpe:2.3:a:francisco_burzi:php-nuke:6.7
Francisco Burzi » Php-Nuke » Version: 6.9

cpe:2.3:a:francisco_burzi:php-nuke:6.9
Francisco Burzi » Php-Nuke » Version: 7.0

cpe:2.3:a:francisco_burzi:php-nuke:7.0
Francisco Burzi » Php-Nuke » Version: 7.0_final

cpe:2.3:a:francisco_burzi:php-nuke:7.0_final
Francisco Burzi » Php-Nuke » Version: 7.1

cpe:2.3:a:francisco_burzi:php-nuke:7.1
Francisco Burzi » Php-Nuke » Version: 7.2

cpe:2.3:a:francisco_burzi:php-nuke:7.2
Francisco Burzi » Php-Nuke » Version: 7.3

cpe:2.3:a:francisco_burzi:php-nuke:7.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2004-2293

Products

Pricing

Contact Us