CVE-2003-1372: XSS
First published: Wed Dec 31 2003(Updated: )
Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | ||
| Microsoft Windows | ||
| Unix Unix | =any_version | |
| PHP-Nuke | =1.8.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2003-1372?
CVE-2003-1372 has a medium severity level due to its potential for cross-site scripting attacks.
How do I fix CVE-2003-1372?
To fix CVE-2003-1372, upgrade to myPHPNuke version 1.8.9 or later where this vulnerability has been addressed.
What are the affected versions for CVE-2003-1372?
CVE-2003-1372 affects myPHPNuke versions 1.8.8 and possibly earlier versions.
What type of vulnerability is CVE-2003-1372?
CVE-2003-1372 is a cross-site scripting (XSS) vulnerability.
Can CVE-2003-1372 be exploited remotely?
Yes, CVE-2003-1372 can be exploited remotely by attackers through specific input parameters.
- collector/nvd-historical
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/references
- agent/last-modified-date
- agent/severity
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/linux
- canonical/linux kernel
- vendor/microsoft
- canonical/microsoft windows
- vendor/unix
- canonical/unix unix
- version/unix unix/any_version
- vendor/myphpnuke
- canonical/php-nuke
- version/php-nuke/1.8.8