Rob Sutton : Security Vulnerabilities, CVEs, CVSS score >= 3
Cross-site scripting (XSS) vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary web script via the (1) type, (2) day, (3) month, or (4) year parameters in a Preview operation, or (5) event comments.
Max CVSS
4.3
EPSS Score
0.92%
Published
2004-12-31
Updated
2017-07-11
The Event Calendar module 2.13 for PHP-Nuke allows remote attackers to gain sensitive information via an HTTP request to (1) config.php, (2) index.php, or (3) submit.php, which reveal the full path in an error message.
Max CVSS
5.0
EPSS Score
0.73%
Published
2004-12-31
Updated
2017-07-11
2 vulnerabilities found