Description
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the bid parameter to the EmailStats op in banners.php, (2) the ratenum parameter in the TopRated and MostPopular actions in the Web_Links module, (3) the ttitle parameter in the viewlinkdetails, viewlinkeditorial, viewlinkcomments, and ratelink actions in the Web_Links module, or (4) the username parameter in the Your_Account module.
Exploits (4)
exploitdb · WRITEUP · VERIFIED · by Maksymilian Arciemowicz · text · webapps · php
https://www.exploit-db.com/exploits/25342
exploitdb · WRITEUP · VERIFIED · by Maksymilian Arciemowicz · text · webapps · php
https://www.exploit-db.com/exploits/25343
exploitdb · WRITEUP · VERIFIED
https://www.exploit-db.com/exploits/25340
exploitdb · WRITEUP · VERIFIED
https://www.exploit-db.com/exploits/25339
References (3)
Exploit, Vendor Advisory · mailing-list · x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2005-04/0037.html
Mailing List · mailing-list · x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111263454308478&w=2
Third Party Advisory, VDB Entry · vdb-entry · x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/19952
Scores
EPSS: 0.0004
EPSS Percentile: 11.3%
Details
Status: published
Products (1): francisco_burzi/php-nuke 7.6
Published: May 02, 2005
Tracked Since: Feb 18, 2026