CVE-2003-1372

Myphpnuke - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Tacettin Karadeniz · textwebappsphp

https://www.exploit-db.com/exploits/22268

View Code ZIP pw:eip

References (5)

[Exploit] http://archives.neohapsis.com/archives/bugtraq/2003-02/0231.html

[Exploit] http://www.securityfocus.com/bid/6892

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/11376

[Third Party Advisory, VDB Entry] http://www.osvdb.org/3931

[Third Party Advisory] http://secunia.com/advisories/8125

Scores

EPSS 0.0059

EPSS Percentile 69.0%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

myphpnuke/myphpnuke

Timeline

Published Dec 31, 2003

Tracked Since Feb 18, 2026