Vulnerability Description
Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web browsers. NOTE: it could be argued that this vulnerability is due to a design limitation of many web browsers; if so, then this should not be treated as a vulnerability in PHP-Nuke.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Francisco Burzi | Php-Nuke | 7.0 |
References
- http://www.securityfocus.com/archive/1/419496/100/0/threaded
- http://www.securityfocus.com/archive/1/419991/100/0/threaded
- http://www.securityfocus.com/bid/15855 (Exploit)
FAQ
What is CVE-2005-4260?
CVE-2005-4260 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypas...
How severe is CVE-2005-4260?
CVE-2005-4260 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2005-4260?
Check the references section above for vendor advisories and patch information. Affected products include: Francisco Burzi Php-Nuke.