Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-1000 β€” Cross-site Scripting in Burzi Php-nuke

20 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
0.0%
top 88.67%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Francisco Burzi Php-nuke
Timeline
PublishedMay 2
Latest updateMay 1

Description

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the bid parameter to the EmailStats op in banners.pgp, (2) the ratenum parameter in the TopRated and MostPopular actions in the Web_Links module, (3) the ttitle parameter in the viewlinkdetails, viewlinkeditorial, viewlinkcomments, and ratelink actions in the Web_Links module, or (4) the username parameter in the Your_Account module.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

πŸ”΄Vulnerability Details

2
GHSA
GHSA-mrv4-qgw7-rp76: Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7β†—2022-05-01
β–Ά
CVEList
CVE-2005-1000: Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7β†—2005-04-07
β–Ά

πŸ’₯Exploits & PoCs

16
Exploit-DB
Linux chfn (SuSE 9.3/10) - Local Privilege Escalation↗2005-11-08
β–Ά
Exploit-DB
gpsdrive 2.09 (x86) - 'friendsd2' Remote Format String↗2005-11-04
β–Ά
Exploit-DB
Asus VideoSecurity Online 3.5 - Web Server Authentication Buffer Overflow↗2005-11-02
β–Ά
Exploit-DB
GNU Mailutils imap4d 0.6 - 'Search' Remote Format String↗2005-09-10
β–Ά
Exploit-DB
Indiatimes Messenger 6.0 - Remote Buffer Overflow↗2005-08-31
β–Ά

πŸ’¬Community

1
Bugzilla
pkexec tty hijacking via TIOCSTI ioctl↗2016-01-19
β–Ά
CVE-2005-1000 β€” Cross-site Scripting in Burzi Php-nuke | cvebase