CVE-2004-0737 — Cross-site Scripting in Burzi Php-nuke

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.0%

top 87.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Francisco Burzi Php-nuke

Timeline

PublishedJul 27

Latest updateApr 29

Description

Multiple cross-site scripting vulnerabilities in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) sid, (2) max, (3) sel1, (4) sel2, (5) sel3, (6) sel4, (7) sel5, (8) match, (9) mod1, (10) mod2, or (11) mod3 parameters.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDfrancisco_burzi/php-nuke8.0_final

🔴Vulnerability Details

GHSA

GHSA-c593-2gr9-g543: Multiple cross-site scripting vulnerabilities in index↗2022-04-29

▶

CVEList

CVE-2004-0737: Multiple cross-site scripting vulnerabilities in index↗2004-07-23

▶