CVE-2005-4260

PHP-Nuke 7.9 - Cross-Site Scripting via Tag Sanitization Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-4260. PoCs published by Maksymilian Arciemowicz.

AI-analyzed exploit summary: This is a writeup describing a content filtering bypass vulnerability in PHPNuke 7.9 and prior versions. It demonstrates how an attacker can bypass content filters to perform XSS or HTML injection via malformed iframe tags in specific modules.

Description

Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web browsers. NOTE: it could be argued that this vulnerability is due to a design limitation of many web browsers; if so, then this should not be treated as a vulnerability in PHP-Nuke.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Maksymilian Arciemowicz · text · webapps · php
https://www.exploit-db.com/exploits/26817


Classification
Writeup 90%
Attack Type
XSS
Complexity
Trivial
Reliability
Reliable
Target: PHPNuke 7.9 and prior
No auth needed
Prerequisites: Access to the target PHPNuke instance
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References (3)
Third Party Advisory, VDB Entry (mailing-list; x_refsource_bugtraq)
http://www.securityfocus.com/archive/1/419496/100/0/threaded
Third Party Advisory, VDB Entry (mailing-list; x_refsource_bugtraq)
http://www.securityfocus.com/archive/1/419991/100/0/threaded
Exploit (vdb-entry; x_refsource_bid)
http://www.securityfocus.com/bid/15855

Scores

EPSS 0.0211
EPSS Percentile 79.4%

Details

Status published
Products (8)
francisco_burzi/php-nuke 7.0
francisco_burzi/php-nuke 7.1
francisco_burzi/php-nuke 7.2
francisco_burzi/php-nuke 7.3
francisco_burzi/php-nuke 7.6
francisco_burzi/php-nuke 7.7
francisco_burzi/php-nuke 7.8
francisco_burzi/php-nuke 7.9
Published Dec 15, 2005
Tracked Since Feb 18, 2026