CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2005-4260

Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web browsers. NOTE: it could be argued that this vulnerability is due to a design limitation of many web browsers; if so, then this should not be treated as a vulnerability in PHP-Nuke.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 4.7%

CVSS Severity

CVSS v2 Score 4.3

References

Products affected by CVE-2005-4260

Francisco Burzi » Php-Nuke » Version: 7.0

cpe:2.3:a:francisco_burzi:php-nuke:7.0
Francisco Burzi » Php-Nuke » Version: 7.1

cpe:2.3:a:francisco_burzi:php-nuke:7.1
Francisco Burzi » Php-Nuke » Version: 7.2

cpe:2.3:a:francisco_burzi:php-nuke:7.2
Francisco Burzi » Php-Nuke » Version: 7.3

cpe:2.3:a:francisco_burzi:php-nuke:7.3
Francisco Burzi » Php-Nuke » Version: 7.6

cpe:2.3:a:francisco_burzi:php-nuke:7.6
Francisco Burzi » Php-Nuke » Version: 7.7

cpe:2.3:a:francisco_burzi:php-nuke:7.7
Francisco Burzi » Php-Nuke » Version: 7.8

cpe:2.3:a:francisco_burzi:php-nuke:7.8
Francisco Burzi » Php-Nuke » Version: 7.9

cpe:2.3:a:francisco_burzi:php-nuke:7.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2005-4260

Products

Pricing

Contact Us