CVE-2004-2020
Published 2004-12-31
Priority P415, medium, 4.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 1.43% (69.6th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers to inject arbitrary HTML or web script into the (1) optionbox parameter in the News module, (2) date parameter in the Statistics module, (3) year, month, and month_1 parameters in the Stories_Archive module, (4) mode, order, and thold parameters in the Surveys module, or (5) a SQL statement to index.php, as processed by mainfile.php.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
| francisco_burzi | php-nuke | — | — |
| msrc | microsoft_forefront_endpoint_protection_2010 | — | — |
| msrc | microsoft_security_essentials | — | — |
| msrc | microsoft_system_center_2012_endpoint_protection | — | — |
| msrc | microsoft_system_center_2012_r2_endpoint_protection | — | — |
| msrc | microsoft_system_center_endpoint_protection | — | — |
| msrc | windows_defender | — | — |
CVSS provenance
nvd: v2.0, 4.3 MEDIUM, AV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_msrc: 7.8 HIGH
Suricata
ET WEB_SPECIFIC_APPS WEB-PHP RCE PHPBB 2004-1315
suricata·2015-07-07
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS WEB-PHP RCE PHPBB 2004-1315"; flow:established,to_server; http.uri; content:"viewtopic.php"; nocase; content:"highlight="; nocase; http.uri.raw; pcre:"/[&?]highlight=[^&]*?\x2525[a-f0-9]{2}/i"; reference:cve,2004-1315; classtype:web-application-attack; sid:2021390; rev:3; metadata:created_at 2015_07_07, cve CVE_2004_1315, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_05_28;)
No public exploits indexed.
http://marc.info/?l=bugtraq&m=108482957715299&w=2
http://secunia.com/advisories/11625
http://www.osvdb.org/6225
http://www.osvdb.org/6226
http://www.securityfocus.com/bid/10367
http://www.waraxe.us/index.php?modname=sa&id=29
https://exchange.xforce.ibmcloud.com/vulnerabilities/16172