Details of VAR-200312-0325

ID

VAR-200312-0325

CVE

CVE-2003-1547

TITLE

PHP-Nuke Block-Forums.PHP Subject HTML Injection Vulnerability

Trust: 0.3

sources: BID: 7248

DESCRIPTION

Cross-site scripting (XSS) vulnerability in block-Forums.php in the Splatt Forum module for PHP-Nuke 6.x allows remote attackers to inject arbitrary web script or HTML via the subject parameter. The PHP-Nuke 'block-Forums.php' does not sufficiently sanitize data supplied via form fields, making it prone to HTML injection attacks. This could allow for execution of hostile HTML and script code in the web client of a user who visits a web page that contains the malicious code

Trust: 1.26

sources: NVD: CVE-2003-1547 // BID: 7248 // VULHUB: VHN-8372

AFFECTED PRODUCTS

vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5_rc3	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5_rc2	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5_beta1	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5_rc1	Trust: 1.0
vendor:	francisco	model:	burzi php-nuke rc3	scope:	eq	version:	6.5	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke rc2	scope:	eq	version:	6.5	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke rc1	scope:	eq	version:	6.5	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke beta	scope:	eq	version:	6.51	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	6.5	Trust: 0.3

sources: BID: 7248 // NVD: CVE-2003-1547

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2003-1547
value:	MEDIUM
Trust: 1.0
VULHUB:	VHN-8372
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2003-1547
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-8372
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-8372 // NVD: CVE-2003-1547

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.1

sources: VULHUB: VHN-8372 // NVD: CVE-2003-1547

THREAT TYPE

network

Trust: 0.3

sources: BID: 7248

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 7248

EXTERNAL IDS

db:	BID	id:	7248	Trust: 1.4
db:	SREASON	id:	3718	Trust: 1.1
db:	NVD	id:	CVE-2003-1547	Trust: 1.1
db:	SECUNIA	id:	8478	Trust: 1.1
db:	VULHUB	id:	VHN-8372	Trust: 0.1

sources: VULHUB: VHN-8372 // BID: 7248 // NVD: CVE-2003-1547

REFERENCES

url:	http://www.securityfocus.com/bid/7248	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/316925/30/25250/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/317230/30/25220/threaded	Trust: 1.1
url:	http://secunia.com/advisories/8478	Trust: 1.1
url:	http://securityreason.com/securityalert/3718	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/11675	Trust: 1.1
url:	/archive/1/316925	Trust: 0.3
url:	/archive/1/317230	Trust: 0.3

sources: VULHUB: VHN-8372 // BID: 7248 // NVD: CVE-2003-1547

CREDITS

Discovery credited to <lethalman@libero.it>.

Trust: 0.3

sources: BID: 7248

SOURCES

db:	VULHUB	id:	VHN-8372
db:	BID	id:	7248
db:	NVD	id:	CVE-2003-1547

LAST UPDATE DATE

2024-08-14T14:59:26.437000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-8372	date:	2018-10-19T00:00:00
db:	BID	id:	7248	date:	2003-03-31T00:00:00
db:	NVD	id:	CVE-2003-1547	date:	2018-10-19T15:29:53.390

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-8372	date:	2003-12-31T00:00:00
db:	BID	id:	7248	date:	2003-03-31T00:00:00
db:	NVD	id:	CVE-2003-1547	date:	2003-12-31T05:00:00