Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-2293: Cross-site Scripting in Burzi Php-nuke

4 documents, 4 sources

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.1% (top 81.63%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Dec 31
Latest update: Apr 29

Description

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter. NOTE: the Faq/categories and Encyclopedia/ltr issues are already covered by

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (1 package)

NVD: francisco_burzi/php-nuke (15 versions)

🔴 Vulnerability Details (2)

GHSA: GHSA-g43w-c8rf-68ph: Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6 (2022-04-29)
CVEList: CVE-2004-2293: Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6 (2005-08-04)

💥 Exploits & PoCs (1)

Exploit-DB: PHP-Nuke 6.x/7.x Encyclopedia Module - Multiple Function Cross-Site Scripting Vulnerabilities (2004-06-11)