ID

VAR-200502-0081


CVE

CVE-2005-0434


TITLE

PHP-Nuke Multi-file parameter cross-site scripting vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200502-058

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.5 allow remote attackers to inject arbitrary HTML or web script via (1) the newdownloadshowdays parameter in a NewDownloads operation or (2) the newlinkshowdays parameter in a NewLinks operation. It is reported that PHP-Nuke is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. These issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials. PHP-Nuke is a widely popular website creation and management tool.

Trust: 1.26

sources: NVD: CVE-2005-0434 // BID: 12561 // VULHUB: VHN-11643

AFFECTED PRODUCTS

vendor: francisco burzi // model: php-nuke // scope: eq // version: 6.7

Trust: 1.6

vendor: francisco burzi // model: php-nuke // scope: eq // version: 6.9

Trust: 1.6

vendor: francisco burzi // model: php-nuke // scope: eq // version: 7.0

Trust: 1.6

vendor: francisco burzi // model: php-nuke // scope: eq // version: 6.0

Trust: 1.6

vendor: francisco burzi // model: php-nuke // scope: eq // version: 6.5_rc2

Trust: 1.6

vendor: francisco burzi // model: php-nuke // scope: eq // version: 6.5_rc3

Trust: 1.6

vendor: francisco burzi // model: php-nuke // scope: eq // version: 6.5_rc1

Trust: 1.6

vendor: francisco burzi // model: php-nuke // scope: eq // version: 6.5

Trust: 1.6

vendor: francisco burzi // model: php-nuke // scope: eq // version: 6.5_beta1

Trust: 1.6

vendor: francisco burzi // model: php-nuke // scope: eq // version: 6.5_final

Trust: 1.6

vendor: francisco burzi // model: php-nuke // scope: eq // version: 7.1

Trust: 1.0

vendor: francisco burzi // model: php-nuke // scope: eq // version: 7.3

Trust: 1.0

vendor: francisco burzi // model: php-nuke // scope: eq // version: 7.2

Trust: 1.0

vendor: francisco burzi // model: php-nuke // scope: eq // version: 7.6

Trust: 1.0

vendor: francisco burzi // model: php-nuke // scope: eq // version: 6.6

Trust: 1.0

vendor: francisco burzi // model: php-nuke // scope: eq // version: 7.0_final

Trust: 1.0

vendor: francisco // model: burzi php-nuke // scope: eq // version: 7.6

Trust: 0.3

vendor: francisco // model: burzi php-nuke // scope: eq // version: 7.3

Trust: 0.3

vendor: francisco // model: burzi php-nuke // scope: eq // version: 7.2

Trust: 0.3

vendor: francisco // model: burzi php-nuke // scope: eq // version: 7.1

Trust: 0.3

vendor: francisco // model: burzi php-nuke final // scope: eq // version: 7.0

Trust: 0.3

vendor: francisco // model: burzi php-nuke // scope: eq // version: 7.0

Trust: 0.3

vendor: francisco // model: burzi php-nuke // scope: eq // version: 6.9

Trust: 0.3

vendor: francisco // model: burzi php-nuke // scope: eq // version: 6.7

Trust: 0.3

vendor: francisco // model: burzi php-nuke // scope: eq // version: 6.6

Trust: 0.3

vendor: francisco // model: burzi php-nuke rc3 // scope: eq // version: 6.5

Trust: 0.3

vendor: francisco // model: burzi php-nuke rc2 // scope: eq // version: 6.5

Trust: 0.3

vendor: francisco // model: burzi php-nuke rc1 // scope: eq // version: 6.5

Trust: 0.3

vendor: francisco // model: burzi php-nuke final // scope: eq // version: 6.5

Trust: 0.3

vendor: francisco // model: burzi php-nuke beta // scope: eq // version: 6.51

Trust: 0.3

vendor: francisco // model: burzi php-nuke // scope: eq // version: 6.5

Trust: 0.3

vendor: francisco // model: burzi php-nuke // scope: eq // version: 6.0

Trust: 0.3

sources: BID: 12561 // CNNVD: CNNVD-200502-058 // NVD: CVE-2005-0434

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-0434
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200502-058
value: MEDIUM

Trust: 0.6

VULHUB: VHN-11643
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2005-0434
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-11643
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-11643 // CNNVD: CNNVD-200502-058 // NVD: CVE-2005-0434

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-0434

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200502-058

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-200502-058

EXTERNAL IDS

db: BID // id: 12561

Trust: 2.0

db: NVD // id: CVE-2005-0434

Trust: 1.7

db: CNNVD // id: CNNVD-200502-058

Trust: 0.7

db: XF // id: 19346

Trust: 0.6

db: VULHUB // id: VHN-11643

Trust: 0.1

sources: VULHUB: VHN-11643 // BID: 12561 // CNNVD: CNNVD-200502-058 // NVD: CVE-2005-0434

REFERENCES

url:http://www.securityfocus.com/bid/12561

Trust: 1.7

url:http://www.waraxe.us/advisory-40.html

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/19346

Trust: 1.1

url:http://xforce.iss.net/xforce/xfdb/19346

Trust: 0.6

url:http://www.irannuke.com/

Trust: 0.3

sources: VULHUB: VHN-11643 // BID: 12561 // CNNVD: CNNVD-200502-058 // NVD: CVE-2005-0434

CREDITS

Discovery of these vulnerabilities is credited to Janek Vind 'waraxe'.

Trust: 0.9

sources: BID: 12561 // CNNVD: CNNVD-200502-058

SOURCES

db: VULHUB // id: VHN-11643
db: BID // id: 12561
db: CNNVD // id: CNNVD-200502-058
db: NVD // id: CVE-2005-0434

LAST UPDATE DATE

2024-08-14T14:08:55.337000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-11643 // date: 2017-07-11T00:00:00
db: BID // id: 12561 // date: 2005-02-15T00:00:00
db: CNNVD // id: CNNVD-200502-058 // date: 2005-10-20T00:00:00
db: NVD // id: CVE-2005-0434 // date: 2017-07-11T01:32:17.517

SOURCES RELEASE DATE

db: VULHUB // id: VHN-11643 // date: 2005-02-15T00:00:00
db: BID // id: 12561 // date: 2005-02-15T00:00:00
db: CNNVD // id: CNNVD-200502-058 // date: 2005-02-15T00:00:00
db: NVD // id: CVE-2005-0434 // date: 2005-02-15T05:00:00