4.3
CVE-2004-2020
- EPSS 0.04%
- Published 31.12.2004 05:00:00
- Last modified 03.04.2025 01:03:51
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers to inject arbitrary HTML or web script into the (1) optionbox parameter in the News module, (2) date parameter in the Statistics module, (3) year, month, and month_1 parameters in the Stories_Archive module, (4) mode, order, and thold parameters in the Surveys module, or (5) a SQL statement to index.php, as processed by mainfile.php.
Data is provided by the National Vulnerability Database (NVD)
Francisco Burzi ≫ Php-nuke Version6.0
Francisco Burzi ≫ Php-nuke Version6.5
Francisco Burzi ≫ Php-nuke Version6.5_beta1
Francisco Burzi ≫ Php-nuke Version6.5_final
Francisco Burzi ≫ Php-nuke Version6.5_rc1
Francisco Burzi ≫ Php-nuke Version6.5_rc2
Francisco Burzi ≫ Php-nuke Version6.5_rc3
Francisco Burzi ≫ Php-nuke Version6.6
Francisco Burzi ≫ Php-nuke Version6.7
Francisco Burzi ≫ Php-nuke Version6.9
Francisco Burzi ≫ Php-nuke Version7.0
Francisco Burzi ≫ Php-nuke Version7.0_final
Francisco Burzi ≫ Php-nuke Version7.1
Francisco Burzi ≫ Php-nuke Version7.2
Francisco Burzi ≫ Php-nuke Version7.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.085 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|