CVE-2004-2293: XSS
First published: Fri Dec 31 2004(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter. NOTE: the Faq/categories and Encyclopedia/ltr issues are already covered by CVE-2005-1023.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PHP-Nuke | =6.5_beta1 | |
| PHP-Nuke | =6.5 | |
| PHP-Nuke | =7.0 | |
| PHP-Nuke | =7.2 | |
| PHP-Nuke | =7.0_final | |
| PHP-Nuke | =6.5_rc2 | |
| PHP-Nuke | =7.3 | |
| PHP-Nuke | =6.5_rc3 | |
| PHP-Nuke | =6.0 | |
| PHP-Nuke | =6.5_final | |
| PHP-Nuke | =6.7 | |
| PHP-Nuke | =6.6 | |
| PHP-Nuke | =6.9 | |
| PHP-Nuke | =7.1 | |
| PHP-Nuke | =6.5_rc1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What are the XSS vulnerabilities in CVE-2004-2293?
CVE-2004-2293 describes multiple cross-site scripting vulnerabilities in PHP-Nuke that allow attackers to inject arbitrary web scripts or HTML via specific parameters.
Which versions of PHP-Nuke are affected by CVE-2004-2293?
CVE-2004-2293 affects PHP-Nuke versions 6.0 to 7.3, including several beta and release candidates.
What is the impact of exploiting CVE-2004-2293?
Exploiting CVE-2004-2293 could allow an attacker to perform unauthorized actions on behalf of users or steal sensitive information through malicious scripts.
How can I mitigate the risks associated with CVE-2004-2293?
To mitigate the risks associated with CVE-2004-2293, it's essential to upgrade PHP-Nuke to a version that has patched these vulnerabilities.
Are there any known workarounds for CVE-2004-2293?
There are no specific workarounds for CVE-2004-2293; upgrading to a secure version is the recommended approach.
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/francisco burzi
- canonical/php-nuke
- version/php-nuke/6.5_beta1
- version/php-nuke/6.5
- version/php-nuke/7.0
- version/php-nuke/7.2
- version/php-nuke/7.0_final
- version/php-nuke/6.5_rc2
- version/php-nuke/7.3
- version/php-nuke/6.5_rc3
- version/php-nuke/6.0
- version/php-nuke/6.5_final
- version/php-nuke/6.7
- version/php-nuke/6.6
- version/php-nuke/6.9
- version/php-nuke/7.1
- version/php-nuke/6.5_rc1