CVE-2007-1519

Phpnuke Php-nuke < 8.0 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module, a different product than CVE-2006-3948.

References (5)

[Exploit, URL Repurposed] http://phpfi.com/214668

[Third Party Advisory] http://secunia.com/advisories/24629

[Various Sources] http://www.ush.it/2007/03/09/php-nuke-wild-post-xss/

[Exploit] http://www.wisec.it/ush/phpnukexss.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/462308/100/100/threaded

Scores

EPSS 0.0043

EPSS Percentile 61.9%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

phpnuke/php-nuke < 8.0

Timeline

Published Mar 20, 2007

Tracked Since Feb 18, 2026