CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2004-2294

Canonicalize-before-filter error in the send_review function in the Reviews module for PHP-Nuke 6.0 to 7.3 allows remote attackers to inject arbitrary web script or HTML via hex-encoded XSS sequences in the text parameter, which is checked for dangerous sequences before it is canonicalized, leading to a cross-site scripting (XSS) vulnerability.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 17.2%

CVSS Severity

CVSS v2 Score 4.3

References

Products affected by CVE-2004-2294

Francisco Burzi » Php-Nuke » Version: 6.0

cpe:2.3:a:francisco_burzi:php-nuke:6.0
Francisco Burzi » Php-Nuke » Version: 6.5

cpe:2.3:a:francisco_burzi:php-nuke:6.5
Francisco Burzi » Php-Nuke » Version: 6.5_beta1

cpe:2.3:a:francisco_burzi:php-nuke:6.5_beta1
Francisco Burzi » Php-Nuke » Version: 6.5_final

cpe:2.3:a:francisco_burzi:php-nuke:6.5_final
Francisco Burzi » Php-Nuke » Version: 6.5_rc1

cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc1
Francisco Burzi » Php-Nuke » Version: 6.5_rc2

cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc2
Francisco Burzi » Php-Nuke » Version: 6.5_rc3

cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc3
Francisco Burzi » Php-Nuke » Version: 6.6

cpe:2.3:a:francisco_burzi:php-nuke:6.6
Francisco Burzi » Php-Nuke » Version: 6.7

cpe:2.3:a:francisco_burzi:php-nuke:6.7
Francisco Burzi » Php-Nuke » Version: 6.9

cpe:2.3:a:francisco_burzi:php-nuke:6.9
Francisco Burzi » Php-Nuke » Version: 7.0

cpe:2.3:a:francisco_burzi:php-nuke:7.0
Francisco Burzi » Php-Nuke » Version: 7.0_final

cpe:2.3:a:francisco_burzi:php-nuke:7.0_final
Francisco Burzi » Php-Nuke » Version: 7.1

cpe:2.3:a:francisco_burzi:php-nuke:7.1
Francisco Burzi » Php-Nuke » Version: 7.2

cpe:2.3:a:francisco_burzi:php-nuke:7.2
Francisco Burzi » Php-Nuke » Version: 7.3

cpe:2.3:a:francisco_burzi:php-nuke:7.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2004-2294

Products

Pricing

Contact Us