Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1817Cross-site Scripting in Burzi Php-nuke

4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
5.7%
top 9.59%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Francisco Burzi Php-nuke
Timeline
PublishedMar 15
Latest updateApr 29

Description

Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Your Name field, (2) e-mail field, (3) nicname field, (4) fname parameter, (5) ratenum parameter, or (6) search field.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-h8qw-6f8v-jxp2: Cross-site scripting (XSS) vulnerability in modules2022-04-29
CVEList
CVE-2004-1817: Cross-site scripting (XSS) vulnerability in modules2005-05-10

💥Exploits & PoCs

1
Exploit-DB
PHP-Nuke 7.1 Recommend_Us Module - 'fname' Cross-Site Scripting2004-03-15
CVE-2004-1817 — Cross-site Scripting in Burzi Php-nuke | cvebase