Details of VAR-200407-0029

ID

VAR-200407-0029

CVE

CVE-2004-0737

TITLE

Php-Nuke Search module index.php Cross-site scripting vulnerability Php-Nuke Search module index.php Cross-site scripting vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200407-057

DESCRIPTION

Multiple cross-site scripting vulnerabilities in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) sid, (2) max, (3) sel1, (4) sel2, (5) sel3, (6) sel4, (7) sel5, (8) match, (9) mod1, (10) mod2, or (11) mod3 parameters. PHP-Nuke is prone to a cross-site scripting vulnerability

Trust: 1.26

sources: NVD: CVE-2004-0737 // BID: 82701 // VULHUB: VHN-9167

AFFECTED PRODUCTS

vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	8.0_final	Trust: 1.6
vendor:	francisco	model:	burzi php-nuke final	scope:	eq	version:	8.0	Trust: 0.3

sources: BID: 82701 // CNNVD: CNNVD-200407-057 // NVD: CVE-2004-0737

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-0737
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200407-057
value:	HIGH
Trust: 0.6
VULHUB:	VHN-9167
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2004-0737
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-9167
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-9167 // CNNVD: CNNVD-200407-057 // NVD: CVE-2004-0737

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-0737

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200407-057

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-200407-057

EXTERNAL IDS

db:	NVD	id:	CVE-2004-0737	Trust: 2.0
db:	XF	id:	16721	Trust: 0.9
db:	CNNVD	id:	CNNVD-200407-057	Trust: 0.7
db:	BUGTRAQ	id:	20040718 [WARAXE-2004-SA#036 - MULTIPLE SECURITY HOLES IN PHPNUKE - PART 3]	Trust: 0.6
db:	BID	id:	82701	Trust: 0.4
db:	VULHUB	id:	VHN-9167	Trust: 0.1

sources: VULHUB: VHN-9167 // BID: 82701 // CNNVD: CNNVD-200407-057 // NVD: CVE-2004-0737

REFERENCES

url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/16721	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=109026609504767&w=2	Trust: 1.0
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=109026609504767&w=2	Trust: 0.9
url:	http://xforce.iss.net/xforce/xfdb/16721	Trust: 0.9
url:	http://marc.info/?l=bugtraq&m=109026609504767&w=2	Trust: 0.1

sources: VULHUB: VHN-9167 // BID: 82701 // CNNVD: CNNVD-200407-057 // NVD: CVE-2004-0737

CREDITS

Unknown

Trust: 0.3

sources: BID: 82701

SOURCES

db:	VULHUB	id:	VHN-9167
db:	BID	id:	82701
db:	CNNVD	id:	CNNVD-200407-057
db:	NVD	id:	CVE-2004-0737

LAST UPDATE DATE

2024-08-14T13:40:15.908000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-9167	date:	2017-07-11T00:00:00
db:	BID	id:	82701	date:	2004-07-27T00:00:00
db:	CNNVD	id:	CNNVD-200407-057	date:	2007-01-24T00:00:00
db:	NVD	id:	CVE-2004-0737	date:	2017-07-11T01:30:25.683

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-9167	date:	2004-07-27T00:00:00
db:	BID	id:	82701	date:	2004-07-27T00:00:00
db:	CNNVD	id:	CNNVD-200407-057	date:	2004-07-27T00:00:00
db:	NVD	id:	CVE-2004-0737	date:	2004-07-27T04:00:00