Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-1524Cross-site Scripting in Burzi Php-nuke

6 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 71.37%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Francisco Burzi Php-nuke
Timeline
PublishedDec 31
Latest updateApr 30

Description

Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload parameter in admin.php and (5) fname parameter in friend.php.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDfrancisco_burzi/php-nuke11 versions+10

Patches

Patch: prdownloads.sourceforge.netPatch: prdownloads.sourceforge.net

🔴Vulnerability Details

2
GHSA
GHSA-gr63-v8qw-4wjf: Cross-site scripting (XSS) vulnerability in PHP-Nuke 52022-04-30
CVEList
CVE-2001-1524: Cross-site scripting (XSS) vulnerability in PHP-Nuke 52005-07-14

💥Exploits & PoCs

3
Exploit-DB
PHP-Nuke 1.0/2.5/3.0/4.x/5.x/6.x/7.x - 'user.php?uname' Cross-Site Scripting2001-12-03
Exploit-DB
PHP-Nuke 1.0/2.5/3.0/4.x/5.x/6.x/7.x - 'modules.php' Multiple Cross-Site Scripting Vulnerabilities2001-12-03
Exploit-DB
Solaris 2.x/7.0/8 - Xsun HOME Buffer Overflow2001-04-10
CVE-2001-1524 — Cross-site Scripting in Burzi Php-nuke | cvebase