Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1930 — Cross-site Scripting in Burzi Php-nuke

4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 61.58%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Francisco Burzi Php-nuke

Timeline

PublishedApr 12

Latest updateApr 29

Description

Cross-site scripting (XSS) vulnerability in the cookiedecode function in mainfile.php for PHP-Nuke 6.x through 7.2, when themes are used, allows remote attackers to inject arbitrary web script or HTML via a base64-encoded user parameter or cookie.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDfrancisco_burzi/php-nuke14 versions+13

🔴Vulnerability Details

GHSA

GHSA-3mrh-hhw4-729x: Cross-site scripting (XSS) vulnerability in the cookiedecode function in mainfile↗2022-04-29

▶

CVEList

CVE-2004-1930: Cross-site scripting (XSS) vulnerability in the cookiedecode function in mainfile↗2005-05-10

▶

💥Exploits & PoCs

Exploit-DB

PHP-Nuke 6.x/7.x - CookieDecode Cross-Site Scripting↗2004-04-13

▶