Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers to inject arbitrary HTML or web script into the (1) optionbox parameter in the News module, (2) date parameter in the Statistics module, (3) year, month, and month_1 parameters in the Stories_Archive module, (4) mode, order, and thold parameters in the Surveys module, or (5) a SQL statement to index.php, as processed by mainfile.php.
Published 2004-12-31 05:00:00
Updated 2017-07-19 01:29:01
Source MITRE
View at NVD,   CVE.org
Vulnerability category: Cross site scripting (XSS)

Exploit prediction scoring system (EPSS) score for CVE-2004-2020

Probability of exploitation activity in the next 30 days: 1.05%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 82 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2004-2020

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source
4.3
MEDIUM AV:N/AC:M/Au:N/C:N/I:P/A:N
8.6
2.9
NIST

References for CVE-2004-2020

Products affected by CVE-2004-2020

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!