CVE-2004-2020 in PHP-Nukeinfo

Zusammenfassung

von MITRE

Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers inject arbitrary HTML or web script into the (1) optionbox parameter in the News module, (2) date parameter in the Statistics module, (3) year, month, and month_1 parameters in the Stories_Archive module, (4) mode, order, and thold parameters in the Surveys module, or (5) a SQL statement to index.php, as processed by mainfile.php.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservieren

04.05.2005

Veröffentlichung

31.12.2004

Moderieren

akzeptiert

Eintrag

VDB-22991

CPE

bereit

CWE

CWE-80 (bestätigt)

CVSS

4.3 (VulDB)

EPSS

0.01427

KEV

nein

Aktivitäten

very low

Sektor

Lawfirm, Hostingprovider, ...

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2004-2020
NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-2020
CVE Details	https://www.cvedetails.com/cve/CVE-2004-2020/

◂ Zurück Übersicht Weiter ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!