cvelistv5 - cve-2001-1524

CVE-2001-1524 (GCVE-0-2001-1524)

Vulnerability from cvelistv5 – Published: 2005-07-14 04:00 – Updated: 2024-08-08 04:58

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://online.securityfocus.com/archive/1/245691	mailing-listx_refsource_BUGTRAQ
	http://online.securityfocus.com/archive/82/246603	mailing-listx_refsource_VULN-DEV
	http://www.iss.net/security_center/static/7654.php	vdb-entryx_refsource_XF
	http://online.securityfocus.com/archive/1/245875	mailing-listx_refsource_BUGTRAQ
	http://prdownloads.sourceforge.net/phpnuke/PHP-Nu…	x_refsource_CONFIRM
	http://online.securityfocus.com/archive/82/243545	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/bid/3609	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T04:58:11.602Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20011215 PHPNuke holes",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://online.securityfocus.com/archive/1/245691"
          },
          {
            "name": "20011220 1 last CSS hole in PHPNuke :)",
            "tags": [
              "mailing-list",
              "x_refsource_VULN-DEV",
              "x_transferred"
            ],
            "url": "http://online.securityfocus.com/archive/82/246603"
          },
          {
            "name": "phpnuke-postnuke-css(7654)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/7654.php"
          },
          {
            "name": "20011216 Phpnuke module.php vulnerability and php error_reporting issue",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://online.securityfocus.com/archive/1/245875"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://prdownloads.sourceforge.net/phpnuke/PHP-Nuke-5.5.tar.gz"
          },
          {
            "name": "20011203 Phpnuke Cross site scripting vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://online.securityfocus.com/archive/82/243545"
          },
          {
            "name": "3609",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/3609"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2001-12-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload parameter in admin.php and (5) fname parameter in friend.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-11-04T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20011215 PHPNuke holes",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://online.securityfocus.com/archive/1/245691"
        },
        {
          "name": "20011220 1 last CSS hole in PHPNuke :)",
          "tags": [
            "mailing-list",
            "x_refsource_VULN-DEV"
          ],
          "url": "http://online.securityfocus.com/archive/82/246603"
        },
        {
          "name": "phpnuke-postnuke-css(7654)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/7654.php"
        },
        {
          "name": "20011216 Phpnuke module.php vulnerability and php error_reporting issue",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://online.securityfocus.com/archive/1/245875"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://prdownloads.sourceforge.net/phpnuke/PHP-Nuke-5.5.tar.gz"
        },
        {
          "name": "20011203 Phpnuke Cross site scripting vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://online.securityfocus.com/archive/82/243545"
        },
        {
          "name": "3609",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/3609"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2001-1524",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload parameter in admin.php and (5) fname parameter in friend.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20011215 PHPNuke holes",
              "refsource": "BUGTRAQ",
              "url": "http://online.securityfocus.com/archive/1/245691"
            },
            {
              "name": "20011220 1 last CSS hole in PHPNuke :)",
              "refsource": "VULN-DEV",
              "url": "http://online.securityfocus.com/archive/82/246603"
            },
            {
              "name": "phpnuke-postnuke-css(7654)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/7654.php"
            },
            {
              "name": "20011216 Phpnuke module.php vulnerability and php error_reporting issue",
              "refsource": "BUGTRAQ",
              "url": "http://online.securityfocus.com/archive/1/245875"
            },
            {
              "name": "http://prdownloads.sourceforge.net/phpnuke/PHP-Nuke-5.5.tar.gz",
              "refsource": "CONFIRM",
              "url": "http://prdownloads.sourceforge.net/phpnuke/PHP-Nuke-5.5.tar.gz"
            },
            {
              "name": "20011203 Phpnuke Cross site scripting vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://online.securityfocus.com/archive/82/243545"
            },
            {
              "name": "3609",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/3609"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2001-1524",
    "datePublished": "2005-07-14T04:00:00",
    "dateReserved": "2005-07-14T00:00:00",
    "dateUpdated": "2024-08-08T04:58:11.602Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4CB52E20-9A87-4CE4-9E75-B0833F083845\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E87A3E6-935F-4569-8B5F-70A88442FD4C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D7E4C570-648F-48EF-B965-16C5878A0CBA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EC3CBB92-6A11-4B5B-A910-B0287AB12846\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:4.4.1a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4C17255B-64E1-4DFF-8C21-8BB1D78A5256\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"93B755A9-694E-49FA-9068-353203AF9965\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:5.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA0B88AD-CACF-4E48-A4B1-313FFE32D058\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF4C3F85-A23C-40B9-9B0F-564E7C254AA5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4EAF55C4-F0A7-4A36-B203-83670D58483F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:5.2a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E3ED3BFC-C8CF-4537-832C-0D00400AC064\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:5.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C94B62CA-8D34-4B37-8748-1FE64F0299DF\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload parameter in admin.php and (5) fname parameter in friend.php.\"}]",
      "id": "CVE-2001-1524",
      "lastModified": "2024-11-20T23:37:53.530",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2001-12-31T05:00:00.000",
      "references": "[{\"url\": \"http://online.securityfocus.com/archive/1/245691\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://online.securityfocus.com/archive/1/245875\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://online.securityfocus.com/archive/82/243545\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://online.securityfocus.com/archive/82/246603\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://prdownloads.sourceforge.net/phpnuke/PHP-Nuke-5.5.tar.gz\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.iss.net/security_center/static/7654.php\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/3609\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://online.securityfocus.com/archive/1/245691\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://online.securityfocus.com/archive/1/245875\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://online.securityfocus.com/archive/82/243545\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://online.securityfocus.com/archive/82/246603\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://prdownloads.sourceforge.net/phpnuke/PHP-Nuke-5.5.tar.gz\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.iss.net/security_center/static/7654.php\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/3609\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2001-1524\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2001-12-31T05:00:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload parameter in admin.php and (5) fname parameter in friend.php.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CB52E20-9A87-4CE4-9E75-B0833F083845\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E87A3E6-935F-4569-8B5F-70A88442FD4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7E4C570-648F-48EF-B965-16C5878A0CBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC3CBB92-6A11-4B5B-A910-B0287AB12846\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:4.4.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C17255B-64E1-4DFF-8C21-8BB1D78A5256\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93B755A9-694E-49FA-9068-353203AF9965\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:5.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA0B88AD-CACF-4E48-A4B1-313FFE32D058\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF4C3F85-A23C-40B9-9B0F-564E7C254AA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EAF55C4-F0A7-4A36-B203-83670D58483F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:5.2a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3ED3BFC-C8CF-4537-832C-0D00400AC064\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:5.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C94B62CA-8D34-4B37-8748-1FE64F0299DF\"}]}]}],\"references\":[{\"url\":\"http://online.securityfocus.com/archive/1/245691\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://online.securityfocus.com/archive/1/245875\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://online.securityfocus.com/archive/82/243545\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://online.securityfocus.com/archive/82/246603\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://prdownloads.sourceforge.net/phpnuke/PHP-Nuke-5.5.tar.gz\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.iss.net/security_center/static/7654.php\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/3609\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://online.securityfocus.com/archive/1/245691\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://online.securityfocus.com/archive/1/245875\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://online.securityfocus.com/archive/82/243545\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://online.securityfocus.com/archive/82/246603\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://prdownloads.sourceforge.net/phpnuke/PHP-Nuke-5.5.tar.gz\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.iss.net/security_center/static/7654.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/3609\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

VAR-200112-0177

Vulnerability from variot - Updated: 2023-12-18 12:24

Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload parameter in admin.php and (5) fname parameter in friend.php. PHPNuke is a website creation/maintenance tool. PHPNuke is prone to cross-site scripting attacks. It is possible to create a link to the PHPNuke user information page, 'user.php', which contains malicious script code. When the link is clicked by an unsuspecting web user, the malicious script code will be executed on the user in the context of the site running PHPNuke. This attack may be used to steal a user's cookie-based authentication credentials for the vulnerable PHPNuke site. PostNuke is also affected by a number of these issues. This problem has also been reported with other scripts included in the PHPNuke package. More specifically, modules.php, upload.php, friend.php and submit.php are also vulnerable under some circumstances. Different parameters to the user.php script may also be sufficient for a cross-site scripting attack. An additional cross-site scripting vulnerability has been reported in modules.php for PostNuke. **It has been reported that the cross-site scripting issue affecting the 'ttitle' parameter of 'modules.php' script has been re-introduced in newer versions of the PHPNuke application. This issue is reported to affect versions 7.2 and prior

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200112-0177",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "francisco burzi",
        "version": "5.0"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "francisco burzi",
        "version": "5.3.1"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "francisco burzi",
        "version": "5.2a"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "francisco burzi",
        "version": "5.2"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "francisco burzi",
        "version": "5.1"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "francisco burzi",
        "version": "4.4"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "francisco burzi",
        "version": "4.3"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "francisco burzi",
        "version": "3.0"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "francisco burzi",
        "version": "5.0.1"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "francisco burzi",
        "version": "4.4.1a"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "francisco burzi",
        "version": "4.0"
      },
      {
        "model": "development team postnuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "postnuke",
        "version": "0.64"
      },
      {
        "model": "development team postnuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "postnuke",
        "version": "0.63"
      },
      {
        "model": "development team postnuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "postnuke",
        "version": "0.62"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "7.2"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "7.1"
      },
      {
        "model": "burzi php-nuke final",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "7.0"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "7.0"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.9"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.7"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.6"
      },
      {
        "model": "burzi php-nuke rc3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.5"
      },
      {
        "model": "burzi php-nuke rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.5"
      },
      {
        "model": "burzi php-nuke rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.5"
      },
      {
        "model": "burzi php-nuke final",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.5"
      },
      {
        "model": "burzi php-nuke beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.51"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.5"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.0"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "5.3.1"
      },
      {
        "model": "burzi php-nuke a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "5.2"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "5.2"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "5.1"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "5.0.1"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "5.0"
      },
      {
        "model": "burzi php-nuke a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "4.4.1"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "4.4"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "4.3"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "4.0"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "3.0"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "2.5"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "1.0"
      },
      {
        "model": "development team postnuke",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "postnuke",
        "version": "0.71"
      },
      {
        "model": "burzi php-nuke",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "5.5"
      },
      {
        "model": "burzi php-nuke",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "5.4"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "3609"
      },
      {
        "db": "NVD",
        "id": "CVE-2001-1524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200112-201"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:4.4.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2001-1524"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "This vulnerability was submitted to BugTraq on December 3rd, 2001 by Cabezon Aurlien \u003caurelien.cabezon@isecurelabs.com\u003e.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200112-201"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2001-1524",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-4325",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2001-1524",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200112-201",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-4325",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-4325"
      },
      {
        "db": "NVD",
        "id": "CVE-2001-1524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200112-201"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload parameter in admin.php and (5) fname parameter in friend.php. PHPNuke is a website creation/maintenance tool. \nPHPNuke is prone to cross-site scripting attacks. It is possible to create a link to the PHPNuke user information page, \u0027user.php\u0027, which contains malicious script code. When the link is clicked by an unsuspecting web user, the malicious script code will be executed on the user in the context of the site running PHPNuke. \nThis attack may be used to steal a user\u0027s cookie-based authentication credentials for the vulnerable PHPNuke site. \nPostNuke is also affected by a number of these issues. \nThis problem has also been reported with other scripts included in the PHPNuke package.  More specifically, modules.php, upload.php, friend.php and submit.php are also vulnerable under some circumstances.  Different parameters to the user.php script may also be sufficient for a cross-site scripting attack. \nAn additional cross-site scripting vulnerability has been reported in modules.php for PostNuke. \n**It has been reported that the cross-site scripting issue affecting the \u0027ttitle\u0027 parameter of \u0027modules.php\u0027 script has been re-introduced in newer versions of the PHPNuke application.  This issue is reported to affect versions 7.2 and prior",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2001-1524"
      },
      {
        "db": "BID",
        "id": "3609"
      },
      {
        "db": "VULHUB",
        "id": "VHN-4325"
      }
    ],
    "trust": 1.26
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-4325",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-4325"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "3609",
        "trust": 2.0
      },
      {
        "db": "NVD",
        "id": "CVE-2001-1524",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200112-201",
        "trust": 0.7
      },
      {
        "db": "XF",
        "id": "7654",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "21165",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "21166",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-75001",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-75002",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-4325",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-4325"
      },
      {
        "db": "BID",
        "id": "3609"
      },
      {
        "db": "NVD",
        "id": "CVE-2001-1524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200112-201"
      }
    ]
  },
  "id": "VAR-200112-0177",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-4325"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:24:47.045000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2001-1524"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/3609"
      },
      {
        "trust": 1.7,
        "url": "http://prdownloads.sourceforge.net/phpnuke/php-nuke-5.5.tar.gz"
      },
      {
        "trust": 1.7,
        "url": "http://www.iss.net/security_center/static/7654.php"
      },
      {
        "trust": 1.1,
        "url": "http://online.securityfocus.com/archive/82/243545"
      },
      {
        "trust": 1.1,
        "url": "http://online.securityfocus.com/archive/1/245691"
      },
      {
        "trust": 1.1,
        "url": "http://online.securityfocus.com/archive/1/245875"
      },
      {
        "trust": 1.1,
        "url": "http://online.securityfocus.com/archive/82/246603"
      },
      {
        "trust": 0.3,
        "url": "http://www.securityfocus.com/archive/82/246603"
      },
      {
        "trust": 0.3,
        "url": "http://www.irannuke.com/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/362266"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-4325"
      },
      {
        "db": "BID",
        "id": "3609"
      },
      {
        "db": "NVD",
        "id": "CVE-2001-1524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200112-201"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-4325"
      },
      {
        "db": "BID",
        "id": "3609"
      },
      {
        "db": "NVD",
        "id": "CVE-2001-1524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200112-201"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2001-12-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-4325"
      },
      {
        "date": "2001-12-03T00:00:00",
        "db": "BID",
        "id": "3609"
      },
      {
        "date": "2001-12-31T05:00:00",
        "db": "NVD",
        "id": "CVE-2001-1524"
      },
      {
        "date": "2001-12-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200112-201"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-09-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-4325"
      },
      {
        "date": "2001-12-03T00:00:00",
        "db": "BID",
        "id": "3609"
      },
      {
        "date": "2008-09-10T19:10:53.633000",
        "db": "NVD",
        "id": "CVE-2001-1524"
      },
      {
        "date": "2005-10-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200112-201"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200112-201"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHPNuke Multiple cross-site scripting vulnerabilities",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200112-201"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200112-201"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2001-1524

Vulnerability from fkie_nvd - Published: 2001-12-31 05:00 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://online.securityfocus.com/archive/1/245691
cve@mitre.org	http://online.securityfocus.com/archive/1/245875
cve@mitre.org	http://online.securityfocus.com/archive/82/243545
cve@mitre.org	http://online.securityfocus.com/archive/82/246603
cve@mitre.org	http://prdownloads.sourceforge.net/phpnuke/PHP-Nuke-5.5.tar.gz	Patch
cve@mitre.org	http://www.iss.net/security_center/static/7654.php
cve@mitre.org	http://www.securityfocus.com/bid/3609
af854a3a-2127-422b-91ae-364da2661108	http://online.securityfocus.com/archive/1/245691
af854a3a-2127-422b-91ae-364da2661108	http://online.securityfocus.com/archive/1/245875
af854a3a-2127-422b-91ae-364da2661108	http://online.securityfocus.com/archive/82/243545
af854a3a-2127-422b-91ae-364da2661108	http://online.securityfocus.com/archive/82/246603
af854a3a-2127-422b-91ae-364da2661108	http://prdownloads.sourceforge.net/phpnuke/PHP-Nuke-5.5.tar.gz	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.iss.net/security_center/static/7654.php
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/3609

Impacted products

Vendor	Product	Version
francisco_burzi	php-nuke	3.0
francisco_burzi	php-nuke	4.0
francisco_burzi	php-nuke	4.3
francisco_burzi	php-nuke	4.4
francisco_burzi	php-nuke	4.4.1a
francisco_burzi	php-nuke	5.0
francisco_burzi	php-nuke	5.0.1
francisco_burzi	php-nuke	5.1
francisco_burzi	php-nuke	5.2
francisco_burzi	php-nuke	5.2a
francisco_burzi	php-nuke	5.3.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CB52E20-9A87-4CE4-9E75-B0833F083845",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E87A3E6-935F-4569-8B5F-70A88442FD4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7E4C570-648F-48EF-B965-16C5878A0CBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC3CBB92-6A11-4B5B-A910-B0287AB12846",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:4.4.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C17255B-64E1-4DFF-8C21-8BB1D78A5256",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "93B755A9-694E-49FA-9068-353203AF9965",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA0B88AD-CACF-4E48-A4B1-313FFE32D058",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF4C3F85-A23C-40B9-9B0F-564E7C254AA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EAF55C4-F0A7-4A36-B203-83670D58483F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:5.2a:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3ED3BFC-C8CF-4537-832C-0D00400AC064",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C94B62CA-8D34-4B37-8748-1FE64F0299DF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload parameter in admin.php and (5) fname parameter in friend.php."
    }
  ],
  "id": "CVE-2001-1524",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2001-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://online.securityfocus.com/archive/1/245691"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://online.securityfocus.com/archive/1/245875"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://online.securityfocus.com/archive/82/243545"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://online.securityfocus.com/archive/82/246603"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://prdownloads.sourceforge.net/phpnuke/PHP-Nuke-5.5.tar.gz"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.iss.net/security_center/static/7654.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/3609"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://online.securityfocus.com/archive/1/245691"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://online.securityfocus.com/archive/1/245875"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://online.securityfocus.com/archive/82/243545"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://online.securityfocus.com/archive/82/246603"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://prdownloads.sourceforge.net/phpnuke/PHP-Nuke-5.5.tar.gz"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.iss.net/security_center/static/7654.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/3609"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-GR63-V8QW-4WJF

Vulnerability from github – Published: 2022-04-30 18:18 – Updated: 2022-04-30 18:18

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2001-1524"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2001-12-31T05:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload parameter in admin.php and (5) fname parameter in friend.php.",
  "id": "GHSA-gr63-v8qw-4wjf",
  "modified": "2022-04-30T18:18:12Z",
  "published": "2022-04-30T18:18:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2001-1524"
    },
    {
      "type": "WEB",
      "url": "http://online.securityfocus.com/archive/1/245691"
    },
    {
      "type": "WEB",
      "url": "http://online.securityfocus.com/archive/1/245875"
    },
    {
      "type": "WEB",
      "url": "http://online.securityfocus.com/archive/82/243545"
    },
    {
      "type": "WEB",
      "url": "http://online.securityfocus.com/archive/82/246603"
    },
    {
      "type": "WEB",
      "url": "http://prdownloads.sourceforge.net/phpnuke/PHP-Nuke-5.5.tar.gz"
    },
    {
      "type": "WEB",
      "url": "http://www.iss.net/security_center/static/7654.php"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/3609"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2001-1524

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2001-1524

Aliases

CVE-2001-1524

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2001-1524",
    "description": "Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload parameter in admin.php and (5) fname parameter in friend.php.",
    "id": "GSD-2001-1524"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2001-1524"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload parameter in admin.php and (5) fname parameter in friend.php.",
      "id": "GSD-2001-1524",
      "modified": "2023-12-13T01:19:02.550297Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2001-1524",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload parameter in admin.php and (5) fname parameter in friend.php."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20011215 PHPNuke holes",
            "refsource": "BUGTRAQ",
            "url": "http://online.securityfocus.com/archive/1/245691"
          },
          {
            "name": "20011220 1 last CSS hole in PHPNuke :)",
            "refsource": "VULN-DEV",
            "url": "http://online.securityfocus.com/archive/82/246603"
          },
          {
            "name": "phpnuke-postnuke-css(7654)",
            "refsource": "XF",
            "url": "http://www.iss.net/security_center/static/7654.php"
          },
          {
            "name": "20011216 Phpnuke module.php vulnerability and php error_reporting issue",
            "refsource": "BUGTRAQ",
            "url": "http://online.securityfocus.com/archive/1/245875"
          },
          {
            "name": "http://prdownloads.sourceforge.net/phpnuke/PHP-Nuke-5.5.tar.gz",
            "refsource": "CONFIRM",
            "url": "http://prdownloads.sourceforge.net/phpnuke/PHP-Nuke-5.5.tar.gz"
          },
          {
            "name": "20011203 Phpnuke Cross site scripting vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://online.securityfocus.com/archive/82/243545"
          },
          {
            "name": "3609",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/3609"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:4.4.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2001-1524"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload parameter in admin.php and (5) fname parameter in friend.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20011203 Phpnuke Cross site scripting vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://online.securityfocus.com/archive/82/243545"
            },
            {
              "name": "20011215 PHPNuke holes",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://online.securityfocus.com/archive/1/245691"
            },
            {
              "name": "20011216 Phpnuke module.php vulnerability and php error_reporting issue",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://online.securityfocus.com/archive/1/245875"
            },
            {
              "name": "20011220 1 last CSS hole in PHPNuke :)",
              "refsource": "VULN-DEV",
              "tags": [],
              "url": "http://online.securityfocus.com/archive/82/246603"
            },
            {
              "name": "http://prdownloads.sourceforge.net/phpnuke/PHP-Nuke-5.5.tar.gz",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://prdownloads.sourceforge.net/phpnuke/PHP-Nuke-5.5.tar.gz"
            },
            {
              "name": "phpnuke-postnuke-css(7654)",
              "refsource": "XF",
              "tags": [],
              "url": "http://www.iss.net/security_center/static/7654.php"
            },
            {
              "name": "3609",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/3609"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2008-09-10T19:10Z",
      "publishedDate": "2001-12-31T05:00Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2001-1524 (GCVE-0-2001-1524)

VAR-200112-0177

FKIE_CVE-2001-1524

GHSA-GR63-V8QW-4WJF

GSD-2001-1524

Tags

Sightings

Nomenclature