Description
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter. NOTE: the Faq/categories and Encyclopedia/ltr issues are already covered by CVE-2005-1023.
Exploits (1)
References (7)
Core References
Vendor Advisory, third-party-advisory (x_refsource_secunia): http://secunia.com/advisories/11852
Exploit, mailing-list (x_refsource_bugtraq): http://www.securityfocus.com/archive/1/365865
Exploit, vdb-entry (x_refsource_bid): http://www.securityfocus.com/bid/10524
Exploit, vdb-entry (x_refsource_osvdb): http://www.osvdb.org/6998
Exploit, vdb-entry (x_refsource_osvdb): http://www.osvdb.org/6999
Exploit, vdb-entry (x_refsource_osvdb): http://www.osvdb.org/6997
Third Party Advisory, VDB Entry, vdb-entry (x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/16406
Scores
EPSS: 0.0006
EPSS Percentile: 18.2%
Details
Status: published
Products (15)
francisco_burzi/php-nuke 6.0
francisco_burzi/php-nuke 6.5
francisco_burzi/php-nuke 6.5_beta1
francisco_burzi/php-nuke 6.5_final
francisco_burzi/php-nuke 6.5_rc1
francisco_burzi/php-nuke 6.5_rc2
francisco_burzi/php-nuke 6.5_rc3
francisco_burzi/php-nuke 6.6
francisco_burzi/php-nuke 6.7
francisco_burzi/php-nuke 6.9
... and 5 more
Published: Dec 31, 2004
Tracked Since: Feb 18, 2026