CVE-2004-2020

Sažetak

Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers to inject arbitrary HTML or web script into the (1) optionbox parameter in the News module, (2) date parameter in the Statistics module, (3) year, month, and month_1 parameters in the Stories_Archive module, (4) mode, order, and thold parameters in the Surveys module, or (5) a SQL statement to index.php, as processed by mainfile.php.

Reference

http://marc.info/?l=bugtraq&m=108482957715299&w=2
http://secunia.com/advisories/11625
http://www.osvdb.org/6225
http://www.osvdb.org/6226
http://www.securityfocus.com/bid/10367
http://www.waraxe.us/index.php?modname=sa&id=29
https://exchange.xforce.ibmcloud.com/vulnerabilities/16172

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

19-07-2017 - 01:29

Objavljeno

31-12-2004 - 05:00