CVE-2005-1000: XSS
First published: Thu Apr 07 2005(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the bid parameter to the EmailStats op in banners.pgp, (2) the ratenum parameter in the TopRated and MostPopular actions in the Web_Links module, (3) the ttitle parameter in the viewlinkdetails, viewlinkeditorial, viewlinkcomments, and ratelink actions in the Web_Links module, or (4) the username parameter in the Your_Account module.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Francisco Burzi PHP-Nuke | =7.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-historical
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/description
- agent/tags
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/francisco burzi
- canonical/francisco burzi php-nuke
- version/francisco burzi php-nuke/7.6