Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-2294Cross-site Scripting in Burzi Php-nuke

4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 82.59%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Francisco Burzi Php-nuke
Timeline
PublishedDec 31
Latest updateApr 29

Description

Canonicalize-before-filter error in the send_review function in the Reviews module for PHP-Nuke 6.0 to 7.3 allows remote attackers to inject arbitrary web script or HTML via hex-encoded XSS sequences in the text parameter, which is checked for dangerous sequences before it is canonicalized, leading to a cross-site scripting (XSS) vulnerability.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDfrancisco_burzi/php-nuke15 versions+14

🔴Vulnerability Details

2
GHSA
GHSA-9pq6-3pq8-q862: Canonicalize-before-filter error in the send_review function in the Reviews module for PHP-Nuke 62022-04-29
CVEList
CVE-2004-2294: Canonicalize-before-filter error in the send_review function in the Reviews module for PHP-Nuke 62005-08-04

💥Exploits & PoCs

1
Exploit-DB
PHP-Nuke 6.x/7.x Reviews Module - Multiple Cross-Site Scripting Vulnerabilities2004-06-11
CVE-2004-2294 — Cross-site Scripting in Burzi Php-nuke | cvebase