Francisco Burzi » Php-nuke » 6.6 : Security Vulnerabilities, CVEs, Published In 2005 (XSS)
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x through 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in the Your_Account module, (2) avatarcategory parameter in the Your_Account module, or (3) lid parameter in the Downloads module.
Max CVSS
4.3
EPSS Score
0.26%
Published
2005-05-02
Updated
2017-07-11
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x to 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) min parameter to the Search module, (2) the categories parameter to the FAQ module, or (3) the ltr parameter to the Encyclopedia module. NOTE: the bid parameter issue in banners.php is already an item in CVE-2005-1000.
Max CVSS
4.3
EPSS Score
0.22%
Published
2005-05-02
Updated
2017-07-11
Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 allow remote attackers to inject arbitrary HTML or web script via (1) the newdownloadshowdays parameter in a NewDownloads operation or (2) the newlinkshowdays parameter in a NewLinks operation.
Max CVSS
4.3
EPSS Score
0.53%
Published
2005-02-15
Updated
2017-07-11
3 vulnerabilities found