ID

VAR-200403-0099


CVE

CVE-2004-1817


TITLE

PHP-Nuke Modules.php Multiple Cross-Site Scripting Vulnerabilities

Trust: 0.9

sources: BID: 9879 // CNNVD: CNNVD-200403-057

DESCRIPTION

Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Your Name field, (2) e-mail field, (3) nicname field, (4) fname parameter, (5) ratenum parameter, or (6) search field. It has been reported that PHP-Nuke may be prone to multiple cross-site scripting vulnerabilities. These vulnerabilities occur due to insufficient sanitization of user-supplied data via the 'Your Name', 'nicname', 'fname', 'ratenum', and 'search' fields of the 'modules.php' script. Exploitation could allow for theft of cookie-based authentication credentials. Other attacks are also possible. PHP-Nuke 7.1.0 has been reported to be prone to these issues; however, it is possible that other versions are affected as well. These issues are undergoing further analysis. These issues will be separated into individual BIDs once analysis is complete.

Trust: 1.26

sources: NVD: CVE-2004-1817 // BID: 9879 // VULHUB: VHN-10246

AFFECTED PRODUCTS

vendor: francisco burzi, model: php-nuke, scope: eq, version: 7.1

Trust: 1.6

vendor: francisco, model: burzi php-nuke, scope: eq, version: 7.1

Trust: 0.3

sources: BID: 9879 // CNNVD: CNNVD-200403-057 // NVD: CVE-2004-1817

CVSS

SEVERITY

nvd@nist.gov: CVE-2004-1817
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200403-057
value: MEDIUM

Trust: 0.6

VULHUB: VHN-10246
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2004-1817
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-10246
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-10246 // CNNVD: CNNVD-200403-057 // NVD: CVE-2004-1817

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-1817

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200403-057

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-200403-057

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-10246

EXTERNAL IDS

db: BID, id: 9879

Trust: 2.0

db: SECUNIA, id: 11135

Trust: 1.7

db: NVD, id: CVE-2004-1817

Trust: 1.7

db: CNNVD, id: CNNVD-200403-057

Trust: 0.7

db: BUGTRAQ, id: 20040315 [WARAXE-2004-SA#005 - XSS IN PHP-NUKE 7.1.0 - PART 2]

Trust: 0.6

db: XF, id: 15491

Trust: 0.6

db: EXPLOIT-DB, id: 23814

Trust: 0.1

db: SEEBUG, id: SSVID-77563

Trust: 0.1

db: VULHUB, id: VHN-10246

Trust: 0.1

sources: VULHUB: VHN-10246 // BID: 9879 // CNNVD: CNNVD-200403-057 // NVD: CVE-2004-1817

REFERENCES

url:http://www.securityfocus.com/bid/9879

Trust: 1.7

url:http://secunia.com/advisories/11135

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/15491

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=107937752811633&w=2

Trust: 1.0

url:http://xforce.iss.net/xforce/xfdb/15491

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=107937752811633&w=2

Trust: 0.6

url:http://www.ncc.org.ve/php-nuke.php3?op=english

Trust: 0.3

url:/archive/1/357497

Trust: 0.3

url:http://marc.info/?l=bugtraq&m=107937752811633&w=2

Trust: 0.1

sources: VULHUB: VHN-10246 // BID: 9879 // CNNVD: CNNVD-200403-057 // NVD: CVE-2004-1817

CREDITS

Discovery is credited to Janek Vind <come2waraxe@yahoo.com>.

Trust: 0.9

sources: BID: 9879 // CNNVD: CNNVD-200403-057

SOURCES

db: VULHUB, id: VHN-10246
db: BID, id: 9879
db: CNNVD, id: CNNVD-200403-057
db: NVD, id: CVE-2004-1817

LAST UPDATE DATE

2024-08-14T14:53:49.569000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-10246, date: 2017-07-11T00:00:00
db: BID, id: 9879, date: 2004-03-15T00:00:00
db: CNNVD, id: CNNVD-200403-057, date: 2005-10-20T00:00:00
db: NVD, id: CVE-2004-1817, date: 2017-07-11T01:31:22.403

SOURCES RELEASE DATE

db: VULHUB, id: VHN-10246, date: 2004-03-15T00:00:00
db: BID, id: 9879, date: 2004-03-15T00:00:00
db: CNNVD, id: CNNVD-200403-057, date: 2004-03-15T00:00:00
db: NVD, id: CVE-2004-1817, date: 2004-03-15T05:00:00