Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0265Cross-site Scripting in Burzi Php-nuke

4 documents4 sources
Severity
6.8MEDIUMNVD
EPSS
10.5%
top 6.74%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Francisco Burzi Php-nuke
Timeline
PublishedNov 23
Latest updateApr 29

Description

Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke 6.x-7.1.0 allows remote attackers to execute arbitrary script as other users via URL-encoded (1) title or (2) fname parameters in the News or Reviews modules.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

NVDfrancisco_burzi/php-nuke13 versions+12

🔴Vulnerability Details

2
GHSA
GHSA-r3jv-3fjc-hr47: Cross-site scripting (XSS) vulnerability in modules2022-04-29
CVEList
CVE-2004-0265: Cross-site scripting (XSS) vulnerability in modules2004-03-18

💥Exploits & PoCs

1
Exploit-DB
PHP-Nuke 6.x/7.x 'Reviews' Module - Cross-Site Scripting2004-02-09