Vulnerability Description
Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module, a different product than CVE-2006-3948.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpnuke | Php-Nuke | <= 8.0 |
Related Weaknesses (CWE)
References
- http://phpfi.com/214668ExploitURL Repurposed
- http://secunia.com/advisories/24629
- http://www.securityfocus.com/archive/1/462308/100/100/threaded
- http://www.ush.it/2007/03/09/php-nuke-wild-post-xss/
- http://www.wisec.it/ush/phpnukexss.htmlExploit
- http://phpfi.com/214668ExploitURL Repurposed
- http://secunia.com/advisories/24629
- http://www.securityfocus.com/archive/1/462308/100/100/threaded
- http://www.ush.it/2007/03/09/php-nuke-wild-post-xss/
- http://www.wisec.it/ush/phpnukexss.htmlExploit
FAQ
What is CVE-2007-1519?
CVE-2007-1519 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the ...
How severe is CVE-2007-1519?
CVE-2007-1519 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1519?
Check the references section above for vendor advisories and patch information. Affected products include: Phpnuke Php-Nuke.