CVE-2004-0265

Php-Nuke 6.x-7.1.0 - Cross-Site Scripting via News or Reviews Module Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-0265. PoCs published by Janek Vind.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in the PHP-Nuke 'Reviews' module. The issue arises due to insufficient sanitization of user-supplied input, allowing execution of arbitrary HTML and script code in the context of the affected site.

Description

Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke 6.x-7.1.0 allows remote attackers to execute arbitrary script as other users via URL-encoded (1) title or (2) fname parameters in the News or Reviews modules.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Janek Vind · textwebappsphp
https://www.exploit-db.com/exploits/23669

This exploit demonstrates a cross-site scripting (XSS) vulnerability in the PHP-Nuke 'Reviews' module. The issue arises due to insufficient sanitization of user-supplied input, allowing execution of arbitrary HTML and script code in the context of the affected site.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: PHP-Nuke Reviews module
No auth needed
Prerequisites: A vulnerable PHP-Nuke installation with the Reviews module enabled
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107634727520936&w=2
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9605
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9613
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15076

Scores

EPSS 0.0463
EPSS Percentile 90.5%

Details

Status published
Products (13)
francisco_burzi/php-nuke 6.0
francisco_burzi/php-nuke 6.5
francisco_burzi/php-nuke 6.5_beta1
francisco_burzi/php-nuke 6.5_final
francisco_burzi/php-nuke 6.5_rc1
francisco_burzi/php-nuke 6.5_rc2
francisco_burzi/php-nuke 6.5_rc3
francisco_burzi/php-nuke 6.6
francisco_burzi/php-nuke 6.7
francisco_burzi/php-nuke 6.9
... and 3 more
Published Nov 23, 2004
Tracked Since Feb 18, 2026