Description
Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Tacettin Karadeniz · textwebappsphp
https://www.exploit-db.com/exploits/22268
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/11376
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/8125
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/6892
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/3931
Exploit mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-02/0231.html
Scores
EPSS
0.0059
EPSS Percentile
69.4%
Details
CWE
CWE-79
Status
published
Products (1)
myphpnuke/myphpnuke
1.8.8
Published
Dec 31, 2003
Tracked Since
Feb 18, 2026