Details of VAR-200403-0129

ID

VAR-200403-0129

CVE

CVE-2004-1840

TITLE

PHP-Nuke MS-Analysis Module Multiple Cross-site scripting vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200403-093

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) screen parameter to modules.php, (2) module_name parameter to title.php, (3) sortby parameter to modules.php, or (4) overview parameter to modules.php. It has been reported that MS-Analysis is prone to a multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied URI parameters. These issues could permit a remote attacker to create a malicious link to the vulnerable application that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks

Trust: 1.26

sources: NVD: CVE-2004-1840 // BID: 9947 // VULHUB: VHN-10269

AFFECTED PRODUCTS

vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.7	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.9	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.6	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5_rc2	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5_rc3	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5_rc1	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5_beta1	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5_final	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	7.0_final	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	7.0	Trust: 1.0
vendor:	ms analysis	model:	website traffic analyzer	scope:	eq	version:	2.0	Trust: 0.3

sources: BID: 9947 // CNNVD: CNNVD-200403-093 // NVD: CVE-2004-1840

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-1840
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200403-093
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-10269
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2004-1840
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-10269
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-10269 // CNNVD: CNNVD-200403-093 // NVD: CVE-2004-1840

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-1840

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200403-093

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-200403-093

EXTERNAL IDS

db:	BID	id:	9947	Trust: 2.0
db:	NVD	id:	CVE-2004-1840	Trust: 1.7
db:	CNNVD	id:	CNNVD-200403-093	Trust: 0.7
db:	XF	id:	15575	Trust: 0.6
db:	BUGTRAQ	id:	20040322 [WARAXE-2004-SA#011 MULTIPLE VULNERABILITIES IN MS ANALYSIS V2.0 MODULE FOR PHPNUKE]	Trust: 0.6
db:	VULHUB	id:	VHN-10269	Trust: 0.1

sources: VULHUB: VHN-10269 // BID: 9947 // CNNVD: CNNVD-200403-093 // NVD: CVE-2004-1840

REFERENCES

url:	http://www.securityfocus.com/bid/9947	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/15575	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=108006319730976&w=2	Trust: 1.0
url:	http://xforce.iss.net/xforce/xfdb/15575	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=108006319730976&w=2	Trust: 0.6
url:	http://www.matyscripts.com/modules.php?name=matyfront&pageoverview=1	Trust: 0.3
url:	http://www.irannuke.com/	Trust: 0.3
url:	/archive/1/358325	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=108006319730976&w=2	Trust: 0.1

sources: VULHUB: VHN-10269 // BID: 9947 // CNNVD: CNNVD-200403-093 // NVD: CVE-2004-1840

CREDITS

Janek Vind

Trust: 0.6

sources: CNNVD: CNNVD-200403-093

SOURCES

db:	VULHUB	id:	VHN-10269
db:	BID	id:	9947
db:	CNNVD	id:	CNNVD-200403-093
db:	NVD	id:	CVE-2004-1840

LAST UPDATE DATE

2024-08-14T14:23:05.785000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-10269	date:	2017-07-11T00:00:00
db:	BID	id:	9947	date:	2004-03-22T00:00:00
db:	CNNVD	id:	CNNVD-200403-093	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-1840	date:	2017-07-11T01:31:23.717

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-10269	date:	2004-03-22T00:00:00
db:	BID	id:	9947	date:	2004-03-22T00:00:00
db:	CNNVD	id:	CNNVD-200403-093	date:	2004-03-22T00:00:00
db:	NVD	id:	CVE-2004-1840	date:	2004-03-22T05:00:00