ID

VAR-200505-1051


CVE

CVE-2005-1000


TITLE

PHP-Nuke Your_Account Username Cross-Site Scripting Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200505-718

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the bid parameter to the EmailStats op in banners.pgp, (2) the ratenum parameter in the TopRated and MostPopular actions in the Web_Links module, (3) the ttitle parameter in the viewlinkdetails, viewlinkeditorial, viewlinkcomments, and ratelink actions in the Web_Links module, or (4) the username parameter in the Your_Account module.

It is reported that the PHP-Nuke 'Your_Account' module is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials. This vulnerability is reported to affect PHP-Nuke version 7.6 and previous versions.

Trust: 1.8

sources: NVD: CVE-2005-1000 // BID: 13007 // BID: 13026 // BID: 13025 // VULHUB: VHN-12209

AFFECTED PRODUCTS

vendor: francisco burzi | model: php-nuke | scope: eq | version: 7.6

Trust: 1.6

vendor: francisco | model: burzi php-nuke | scope: eq | version: 7.6

Trust: 0.9

vendor: francisco | model: burzi php-nuke rc3 | scope: eq | version: 6.5

Trust: 0.3

vendor: francisco | model: burzi php-nuke | scope: eq | version: 6.0

Trust: 0.3

vendor: francisco | model: burzi php-nuke | scope: eq | version: 6.5

Trust: 0.3

vendor: francisco | model: burzi php-nuke final | scope: eq | version: 7.0

Trust: 0.3

vendor: francisco | model: burzi php-nuke | scope: eq | version: 7.1

Trust: 0.3

vendor: francisco | model: burzi php-nuke | scope: eq | version: 7.2

Trust: 0.3

vendor: francisco | model: burzi php-nuke | scope: eq | version: 7.0

Trust: 0.3

vendor: francisco | model: burzi php-nuke | scope: eq | version: 6.7

Trust: 0.3

vendor: francisco | model: burzi php-nuke beta | scope: eq | version: 6.51

Trust: 0.3

vendor: francisco | model: burzi php-nuke | scope: eq | version: 7.3

Trust: 0.3

vendor: francisco | model: burzi php-nuke | scope: eq | version: 6.9

Trust: 0.3

vendor: francisco | model: burzi php-nuke | scope: eq | version: 6.6

Trust: 0.3

vendor: francisco | model: burzi php-nuke rc2 | scope: eq | version: 6.5

Trust: 0.3

vendor: francisco | model: burzi php-nuke rc1 | scope: eq | version: 6.5

Trust: 0.3

vendor: francisco | model: burzi php-nuke final | scope: eq | version: 6.5

Trust: 0.3

sources: BID: 13007 // BID: 13026 // BID: 13025 // CNNVD: CNNVD-200505-718 // NVD: CVE-2005-1000

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-1000
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200505-718
value: MEDIUM

Trust: 0.6

VULHUB: VHN-12209
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2005-1000
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-12209
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-12209 // CNNVD: CNNVD-200505-718 // NVD: CVE-2005-1000

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-1000

THREAT TYPE

network

Trust: 0.9

sources: BID: 13007 // BID: 13026 // BID: 13025

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 13007 // BID: 13026 // BID: 13025

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-12209

EXTERNAL IDS

db: NVD | id: CVE-2005-1000

Trust: 2.6

db: CNNVD | id: CNNVD-200505-718

Trust: 0.7

db: BUGTRAQ | id: 20050404 [SECURITYREASON.COM] PHPNUKE 7.6=>X MULTIPLE VULNERABILITIES CXIB8O3.12

Trust: 0.6

db: BUGTRAQ | id: 20050403 FULL PATH DISCLOSURE AND XSS IN PHPNUKE

Trust: 0.6

db: XF | id: 19952

Trust: 0.6

db: BID | id: 13025

Trust: 0.4

db: BID | id: 13026

Trust: 0.4

db: BID | id: 13007

Trust: 0.3

db: SEEBUG | id: SSVID-79003

Trust: 0.1

db: SEEBUG | id: SSVID-79006

Trust: 0.1

db: SEEBUG | id: SSVID-79005

Trust: 0.1

db: SEEBUG | id: SSVID-79002

Trust: 0.1

db: EXPLOIT-DB | id: 25340

Trust: 0.1

db: EXPLOIT-DB | id: 25339

Trust: 0.1

db: EXPLOIT-DB | id: 25342

Trust: 0.1

db: EXPLOIT-DB | id: 25343

Trust: 0.1

db: VULHUB | id: VHN-12209

Trust: 0.1

sources: VULHUB: VHN-12209 // BID: 13007 // BID: 13026 // BID: 13025 // CNNVD: CNNVD-200505-718 // NVD: CVE-2005-1000

REFERENCES

url:http://archives.neohapsis.com/archives/bugtraq/2005-04/0037.html

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/19952

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=111263454308478&w=2

Trust: 1.0

url:/archive/1/394867

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/19952

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=111263454308478&w=2

Trust: 0.6

url:/archive/1/394971

Trust: 0.3

url:http://marc.info/?l=bugtraq&m=111263454308478&w=2

Trust: 0.1

sources: VULHUB: VHN-12209 // BID: 13007 // BID: 13026 // BID: 13025 // CNNVD: CNNVD-200505-718 // NVD: CVE-2005-1000

CREDITS

Discovery of this issue is credited to sp3x <sp3x@securityreason.com>.

Trust: 0.9

sources: BID: 13007 // CNNVD: CNNVD-200505-718

SOURCES

db: VULHUB | id: VHN-12209
db: BID | id: 13007
db: BID | id: 13026
db: BID | id: 13025
db: CNNVD | id: CNNVD-200505-718
db: NVD | id: CVE-2005-1000

LAST UPDATE DATE

2024-08-14T13:51:05.379000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-12209 | date: 2017-07-11T00:00:00
db: BID | id: 13007 | date: 2009-07-12T11:56:00
db: BID | id: 13026 | date: 2009-07-12T11:56:00
db: BID | id: 13025 | date: 2009-07-12T11:56:00
db: CNNVD | id: CNNVD-200505-718 | date: 2005-10-20T00:00:00
db: NVD | id: CVE-2005-1000 | date: 2017-07-11T01:32:28.970

SOURCES RELEASE DATE

db: VULHUB | id: VHN-12209 | date: 2005-05-02T00:00:00
db: BID | id: 13007 | date: 2005-04-05T00:00:00
db: BID | id: 13026 | date: 2005-04-06T00:00:00
db: BID | id: 13025 | date: 2005-04-06T00:00:00
db: CNNVD | id: CNNVD-200505-718 | date: 2005-05-02T00:00:00
db: NVD | id: CVE-2005-1000 | date: 2005-05-02T04:00:00