Description
Multiple cross-site scripting (XSS) vulnerabilities in error.php in Gijza.net Error Manager 2.1 for PHP-Nuke 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) pagetitle or (2) error parameters, or (3) certain parameters in the error log.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Janek Vind · textwebappsphp
https://www.exploit-db.com/exploits/23845
References (6)
Core 6
Core References
Exploit, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/9911
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/4384
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15530
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/11164
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15529
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107963064317560&w=2
Scores
EPSS
0.0062
EPSS Percentile
70.2%
Details
Status
published
Products (1)
error_manager/php-nuke_module
2.1
Published
Mar 18, 2004
Tracked Since
Feb 18, 2026