Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the bid parameter to the EmailStats op in banners.pgp, (2) the ratenum parameter in the TopRated and MostPopular actions in the Web_Links module, (3) the ttitle parameter in the viewlinkdetails, viewlinkeditorial, viewlinkcomments, and ratelink actions in the Web_Links module, or (4) the username parameter in the Your_Account module.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Francisco Burzi | Php-Nuke | 7.6 |
References
- http://archives.neohapsis.com/archives/bugtraq/2005-04/0037.htmlExploitVendor Advisory
- http://marc.info/?l=bugtraq&m=111263454308478&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19952
- http://archives.neohapsis.com/archives/bugtraq/2005-04/0037.htmlExploitVendor Advisory
- http://marc.info/?l=bugtraq&m=111263454308478&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19952
FAQ
What is CVE-2005-1000?
CVE-2005-1000 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the bid parameter to the EmailStats op in banners.pgp, (2) the...
How severe is CVE-2005-1000?
CVE-2005-1000 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-1000?
Check the references section above for vendor advisories and patch information. Affected products include: Francisco Burzi Php-Nuke.