CVE-2004-1913 in Nukecalendar
Summary
by MITRE
Cross-site scripting (XSS) vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to inject arbitrary web script or HTML via the eid parameter.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 04/14/2025
The vulnerability identified as CVE-2004-1913 represents a classic cross-site scripting flaw within the NukeCalendar 1.1.a module, which is integrated into the PHP-Nuke content management system. This security weakness specifically targets the modules.php script and exploits the improper handling of user input through the eid parameter, creating a significant attack vector for malicious actors seeking to compromise web applications. The vulnerability falls under the broader category of web application security flaws that have persisted across decades of software development, with XSS vulnerabilities remaining among the most prevalent and dangerous threats in web environments.
The technical implementation of this vulnerability stems from insufficient input validation and output sanitization within the NukeCalendar module. When the application processes the eid parameter without proper encoding or filtering of user-supplied data, it allows attackers to inject malicious scripts that execute in the context of other users' browsers. This occurs because the application fails to properly escape special characters and HTML tags before rendering user-provided content, enabling the injection of JavaScript code or HTML elements that can be executed by unsuspecting victims. The flaw specifically manifests when the application directly incorporates the eid parameter value into web pages without appropriate security measures such as HTML entity encoding or input validation.
The operational impact of this vulnerability extends beyond simple data theft or defacement, as it provides attackers with the capability to establish persistent malicious presence within affected web applications. An attacker could exploit this vulnerability to steal session cookies, redirect users to malicious sites, inject phishing content, or even execute more sophisticated attacks such as credential harvesting or privilege escalation. The vulnerability's remote nature means that attackers do not require physical access to the system or administrative credentials to exploit it, making it particularly dangerous for widely deployed web applications. Additionally, the persistence of such vulnerabilities in legacy systems like PHP-Nuke 1.1.a demonstrates how older software versions often contain unpatched security flaws that remain attractive targets for threat actors.
Mitigation strategies for this vulnerability should encompass both immediate remediation and long-term architectural improvements. The most direct solution involves implementing proper input validation and output encoding mechanisms within the affected application modules, specifically ensuring that all user-provided parameters including the eid parameter are sanitized before being processed or displayed. Security measures should include HTML entity encoding of all dynamic content, implementation of content security policies, and regular security audits of web applications. Organizations should also consider applying the official patches or updates provided by the PHP-Nuke community and implementing web application firewalls to detect and block malicious requests. This vulnerability aligns with CWE-79 which specifically addresses cross-site scripting flaws, and represents a clear violation of ATT&CK technique T1213 which covers data from information repositories, particularly in the context of web application exploitation and user session manipulation.