CVE-2004-2020 — Cross-site Scripting in Burzi Php-nuke

8 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

0.0%

top 88.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Francisco Burzi Php-nuke

Timeline

PublishedDec 31

Latest updateApr 29

Description

Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers to inject arbitrary HTML or web script into the (1) optionbox parameter in the News module, (2) date parameter in the Statistics module, (3) year, month, and month_1 parameters in the Stories_Archive module, (4) mode, order, and thold parameters in the Surveys module, or (5) a SQL statement to index.php, as processed by mainfile.php.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDfrancisco_burzi/php-nuke15 versions+14

🔴Vulnerability Details

GHSA

GHSA-vq7j-qwwp-ggc5: Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6↗2022-04-29

▶

CVEList

CVE-2004-2020: Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6↗2005-05-10

▶

🕵️Threat Intelligence

Unit42

Threat Brief: Microsoft DNS Server Wormable Vulnerability CVE-2020-1350↗2020-07-21

▶