cbcvebase.
CVE-2004-2020
published 2004-12-31

CVE-2004-2020: Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers to inject arbitrary HTML or web script into the (1)…

PriorityP415medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
1.43%
69.6th percentile
Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers to inject arbitrary HTML or web script into the (1) optionbox parameter in the News module, (2) date parameter in the Statistics module, (3) year, month, and month_1 parameters in the Stories_Archive module, (4) mode, order, and thold parameters in the Surveys module, or (5) a SQL statement to index.php, as processed by mainfile.php.

Affected

21 ranges
VendorProductVersion rangeFixed in
francisco_burziphp-nuke
francisco_burziphp-nuke
francisco_burziphp-nuke
francisco_burziphp-nuke
francisco_burziphp-nuke
francisco_burziphp-nuke
francisco_burziphp-nuke
francisco_burziphp-nuke
francisco_burziphp-nuke
francisco_burziphp-nuke
francisco_burziphp-nuke
francisco_burziphp-nuke
francisco_burziphp-nuke
francisco_burziphp-nuke
francisco_burziphp-nuke
msrcmicrosoft_forefront_endpoint_protection_2010
msrcmicrosoft_security_essentials
msrcmicrosoft_system_center_2012_endpoint_protection
msrcmicrosoft_system_center_2012_r2_endpoint_protection
msrcmicrosoft_system_center_endpoint_protection
msrcwindows_defender

CVSS provenance

nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_msrc7.8HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.