Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-4260Cross-site Scripting in Burzi Php-nuke

4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.0%
top 93.53%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Francisco Burzi Php-nuke
Timeline
PublishedDec 15
Latest updateMay 1

Description

Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web browsers. NOTE: it could be argued that this vulnerability is due to a design limitation of many web browsers; if so, then this should not be treated as a vulnerability in PHP-Nuke.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDfrancisco_burzi/php-nuke8 versions+7

🔴Vulnerability Details

2
GHSA
GHSA-355w-pfx5-w3wr: Interpretation conflict in includes/mainfile2022-05-01
CVEList
CVE-2005-4260: Interpretation conflict in includes/mainfile2005-12-15

💥Exploits & PoCs

1
Exploit-DB
PHP-Nuke 7.x - Content Filtering Bypass2005-12-14
CVE-2005-4260 — Cross-site Scripting in Burzi Php-nuke | cvebase