cvelistv5 - cve-2004-2293

CVE-2004-2293 (GCVE-0-2004-2293)

Vulnerability from cvelistv5 – Published: 2005-08-04 04:00 – Updated: 2024-08-08 01:22

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.osvdb.org/6999	vdb-entryx_refsource_OSVDB
	http://www.osvdb.org/6997	vdb-entryx_refsource_OSVDB
	http://secunia.com/advisories/11852	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/365865	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/bid/10524	vdb-entryx_refsource_BID
	http://www.osvdb.org/6998	vdb-entryx_refsource_OSVDB

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:22:13.570Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "phpnuke-faq-encyclopedia-xss(16406)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16406"
          },
          {
            "name": "6999",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/6999"
          },
          {
            "name": "6997",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/6997"
          },
          {
            "name": "11852",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/11852"
          },
          {
            "name": "20040611 [waraxe-2004-SA#032 - Multiple security flaws in PhpNuke 6.x - 7.3]",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/365865"
          },
          {
            "name": "10524",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/10524"
          },
          {
            "name": "6998",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/6998"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-06-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter.  NOTE: the Faq/categories and Encyclopedia/ltr issues are already covered by CVE-2005-1023."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "phpnuke-faq-encyclopedia-xss(16406)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16406"
        },
        {
          "name": "6999",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/6999"
        },
        {
          "name": "6997",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/6997"
        },
        {
          "name": "11852",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/11852"
        },
        {
          "name": "20040611 [waraxe-2004-SA#032 - Multiple security flaws in PhpNuke 6.x - 7.3]",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/365865"
        },
        {
          "name": "10524",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/10524"
        },
        {
          "name": "6998",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/6998"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-2293",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter.  NOTE: the Faq/categories and Encyclopedia/ltr issues are already covered by CVE-2005-1023."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "phpnuke-faq-encyclopedia-xss(16406)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16406"
            },
            {
              "name": "6999",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/6999"
            },
            {
              "name": "6997",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/6997"
            },
            {
              "name": "11852",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/11852"
            },
            {
              "name": "20040611 [waraxe-2004-SA#032 - Multiple security flaws in PhpNuke 6.x - 7.3]",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/365865"
            },
            {
              "name": "10524",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/10524"
            },
            {
              "name": "6998",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/6998"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-2293",
    "datePublished": "2005-08-04T04:00:00",
    "dateReserved": "2005-08-04T00:00:00",
    "dateUpdated": "2024-08-08T01:22:13.570Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"91CC84AB-0BA6-45BE-9DE8-7243FBF00EB8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:6.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"23264211-2992-4222-9B96-5ABEE1332C5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:6.5_beta1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B7F76C32-E24D-4B62-88CE-2D23F457573B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:6.5_final:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F90A3E1F-0371-45C0-A165-55D94A62C3DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F80A5D98-6C48-461F-8B96-BD32A96CDCA1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"92F4E55E-4424-4EC8-8013-9A0FFE7D3658\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9DA61C83-9CE0-4B5E-A8A1-B9C5C9D74084\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:6.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8B13CCAA-839F-406D-A7F3-975B4780425A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:6.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D375197-0087-479C-991B-964FB83644F4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:6.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"70F6320E-314D-4A8F-BC9A-29F730035C68\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8EE03D77-9AA8-4DC6-936D-0459BD26B64B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:7.0_final:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3E16D17-B704-4ADA-8F91-B7D96FB52909\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA80B501-6EC3-4C8E-A83D-F08FC659CF82\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"87591D05-AC0B-4047-AE5B-69EBEF63ED5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:7.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CBB90508-B7AE-4018-B88C-7A09F1EEFAB5\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter.  NOTE: the Faq/categories and Encyclopedia/ltr issues are already covered by CVE-2005-1023.\"}]",
      "id": "CVE-2004-2293",
      "lastModified": "2024-11-20T23:52:58.893",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2004-12-31T05:00:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/11852\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/6997\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.osvdb.org/6998\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.osvdb.org/6999\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/365865\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securityfocus.com/bid/10524\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/16406\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/11852\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/6997\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.osvdb.org/6998\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.osvdb.org/6999\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/365865\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securityfocus.com/bid/10524\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/16406\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2004-2293\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2004-12-31T05:00:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter.  NOTE: the Faq/categories and Encyclopedia/ltr issues are already covered by CVE-2005-1023.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91CC84AB-0BA6-45BE-9DE8-7243FBF00EB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"23264211-2992-4222-9B96-5ABEE1332C5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:6.5_beta1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7F76C32-E24D-4B62-88CE-2D23F457573B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:6.5_final:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F90A3E1F-0371-45C0-A165-55D94A62C3DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F80A5D98-6C48-461F-8B96-BD32A96CDCA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92F4E55E-4424-4EC8-8013-9A0FFE7D3658\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DA61C83-9CE0-4B5E-A8A1-B9C5C9D74084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:6.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B13CCAA-839F-406D-A7F3-975B4780425A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:6.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D375197-0087-479C-991B-964FB83644F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:6.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70F6320E-314D-4A8F-BC9A-29F730035C68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EE03D77-9AA8-4DC6-936D-0459BD26B64B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:7.0_final:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3E16D17-B704-4ADA-8F91-B7D96FB52909\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA80B501-6EC3-4C8E-A83D-F08FC659CF82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87591D05-AC0B-4047-AE5B-69EBEF63ED5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBB90508-B7AE-4018-B88C-7A09F1EEFAB5\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/11852\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/6997\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.osvdb.org/6998\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.osvdb.org/6999\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/archive/1/365865\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/bid/10524\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/16406\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/11852\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/6997\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.osvdb.org/6998\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.osvdb.org/6999\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/archive/1/365865\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/bid/10524\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/16406\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-G43W-C8RF-68PH

Vulnerability from github – Published: 2022-04-29 03:01 – Updated: 2022-04-29 03:01

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2004-2293"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2004-12-31T05:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter.  NOTE: the Faq/categories and Encyclopedia/ltr issues are already covered by CVE-2005-1023.",
  "id": "GHSA-g43w-c8rf-68ph",
  "modified": "2022-04-29T03:01:10Z",
  "published": "2022-04-29T03:01:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-2293"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16406"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/11852"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/6997"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/6998"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/6999"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/365865"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/10524"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2004-2293

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2004-2293

Aliases

CVE-2004-2293

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2004-2293",
    "description": "Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter.  NOTE: the Faq/categories and Encyclopedia/ltr issues are already covered by CVE-2005-1023.",
    "id": "GSD-2004-2293"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2004-2293"
      ],
      "details": "Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter.  NOTE: the Faq/categories and Encyclopedia/ltr issues are already covered by CVE-2005-1023.",
      "id": "GSD-2004-2293",
      "modified": "2023-12-13T01:22:55.741929Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2004-2293",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter.  NOTE: the Faq/categories and Encyclopedia/ltr issues are already covered by CVE-2005-1023."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "phpnuke-faq-encyclopedia-xss(16406)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16406"
          },
          {
            "name": "6999",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/6999"
          },
          {
            "name": "6997",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/6997"
          },
          {
            "name": "11852",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/11852"
          },
          {
            "name": "20040611 [waraxe-2004-SA#032 - Multiple security flaws in PhpNuke 6.x - 7.3]",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/365865"
          },
          {
            "name": "10524",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/10524"
          },
          {
            "name": "6998",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/6998"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_beta1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_final:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.0_final:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-2293"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter.  NOTE: the Faq/categories and Encyclopedia/ltr issues are already covered by CVE-2005-1023."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20040611 [waraxe-2004-SA#032 - Multiple security flaws in PhpNuke 6.x - 7.3]",
              "refsource": "BUGTRAQ",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/archive/1/365865"
            },
            {
              "name": "10524",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/10524"
            },
            {
              "name": "6997",
              "refsource": "OSVDB",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.osvdb.org/6997"
            },
            {
              "name": "6998",
              "refsource": "OSVDB",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.osvdb.org/6998"
            },
            {
              "name": "6999",
              "refsource": "OSVDB",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.osvdb.org/6999"
            },
            {
              "name": "11852",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/11852"
            },
            {
              "name": "phpnuke-faq-encyclopedia-xss(16406)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16406"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-11T01:31Z",
      "publishedDate": "2004-12-31T05:00Z"
    }
  }
}

VAR-200412-0577

Vulnerability from variot - Updated: 2023-12-18 12:40

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter. NOTE: the Faq/categories and Encyclopedia/ltr issues are already covered by CVE-2005-1023. PHP-Nuke is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. The following specific issues can affect the application: PHP-Nuke is prone to multiple cross-site scripting vulnerabilities. These issues affect the 'Faq', 'Encyclopedia' and 'Reviews' modules. These cross-site scripting issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If a user follows the malicious link, the attacker-supplied code executes in the Web browser of the victim computer. PHP-Nuke is prone to an SQL Injection Vulnerability. Again the issue is due to a failure of the application to properly sanitize user-supplied input. The problem presents itself when SQL syntax is passed through the a parameter of the 'Reviews' module. As a result of this issue an attacker could modify the logic and structure of database queries. Finally a remote denial of service vulnerability is reported to exist in the score subsystem of the 'Review' module of PHP-Nuke, it is reported that a large number supplied as a value for a parameter passed to the 'Reviews' module will deny service to legitimate PHP-Nuke users

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200412-0577",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "francisco burzi",
        "version": "6.0"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "francisco burzi",
        "version": "6.7"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "francisco burzi",
        "version": "6.6"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "francisco burzi",
        "version": "6.5_beta1"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "francisco burzi",
        "version": "6.5_rc3"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "francisco burzi",
        "version": "6.5_rc2"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "francisco burzi",
        "version": "6.5_final"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "francisco burzi",
        "version": "6.5_rc1"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "francisco burzi",
        "version": "6.5"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "francisco burzi",
        "version": "6.9"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "francisco burzi",
        "version": "7.3"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "francisco burzi",
        "version": "7.0_final"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "francisco burzi",
        "version": "7.0"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "francisco burzi",
        "version": "7.2"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "francisco burzi",
        "version": "7.1"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "7.3"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "7.2"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "7.1"
      },
      {
        "model": "burzi php-nuke final",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "7.0"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "7.0"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.9"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.7"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.6"
      },
      {
        "model": "burzi php-nuke rc3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.5"
      },
      {
        "model": "burzi php-nuke rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.5"
      },
      {
        "model": "burzi php-nuke rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.5"
      },
      {
        "model": "burzi php-nuke final",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.5"
      },
      {
        "model": "burzi php-nuke beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.51"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.5"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "10524"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-2293"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-416"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_beta1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_final:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.0_final:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-2293"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Discovery of these vulnerabilities is credited to Janek Vind \u003ccome2waraxe@yahoo.com\u003e.",
    "sources": [
      {
        "db": "BID",
        "id": "10524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-416"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2004-2293",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-10721",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2004-2293",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2004-2293",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200412-416",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-10721",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2004-2293",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-10721"
      },
      {
        "db": "VULMON",
        "id": "CVE-2004-2293"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-2293"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-416"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter.  NOTE: the Faq/categories and Encyclopedia/ltr issues are already covered by CVE-2005-1023. PHP-Nuke is prone to multiple vulnerabilities.  The issues result from insufficient sanitization of user-supplied data.  The following specific issues can affect the application:\nPHP-Nuke is prone to multiple cross-site scripting vulnerabilities. These issues affect the \u0027Faq\u0027, \u0027Encyclopedia\u0027 and \u0027Reviews\u0027 modules. \nThese cross-site scripting issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code.  If a user follows the malicious link, the attacker-supplied code executes in the Web browser of the victim computer. \nPHP-Nuke is prone to an SQL Injection Vulnerability. Again the issue is due to a failure of the application to properly sanitize user-supplied input. The problem presents itself when SQL syntax is passed through the a parameter of the \u0027Reviews\u0027 module. \nAs a result of this issue an attacker could modify the logic and structure of database queries. \nFinally a remote denial of service vulnerability is reported to exist in the score subsystem of the \u0027Review\u0027 module of PHP-Nuke, it is reported that a large number supplied as a value for a parameter passed to the \u0027Reviews\u0027 module will deny service to legitimate PHP-Nuke users",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-2293"
      },
      {
        "db": "BID",
        "id": "10524"
      },
      {
        "db": "VULHUB",
        "id": "VHN-10721"
      },
      {
        "db": "VULMON",
        "id": "CVE-2004-2293"
      }
    ],
    "trust": 1.35
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-10721",
        "trust": 0.1,
        "type": "unknown"
      },
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=24191",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-10721"
      },
      {
        "db": "VULMON",
        "id": "CVE-2004-2293"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "10524",
        "trust": 2.1
      },
      {
        "db": "OSVDB",
        "id": "6997",
        "trust": 1.8
      },
      {
        "db": "OSVDB",
        "id": "6998",
        "trust": 1.8
      },
      {
        "db": "OSVDB",
        "id": "6999",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "11852",
        "trust": 1.8
      },
      {
        "db": "NVD",
        "id": "CVE-2004-2293",
        "trust": 1.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-416",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20040611 [WARAXE-2004-SA#032 - MULTIPLE SECURITY FLAWS IN PHPNUKE 6.X - 7.3]",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "16406",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "24191",
        "trust": 0.2
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-77924",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-10721",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2004-2293",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-10721"
      },
      {
        "db": "VULMON",
        "id": "CVE-2004-2293"
      },
      {
        "db": "BID",
        "id": "10524"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-2293"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-416"
      }
    ]
  },
  "id": "VAR-200412-0577",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-10721"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:40:31.055000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-2293"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/10524"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/archive/1/365865"
      },
      {
        "trust": 1.8,
        "url": "http://www.osvdb.org/6997"
      },
      {
        "trust": 1.8,
        "url": "http://www.osvdb.org/6998"
      },
      {
        "trust": 1.8,
        "url": "http://www.osvdb.org/6999"
      },
      {
        "trust": 1.8,
        "url": "http://secunia.com/advisories/11852"
      },
      {
        "trust": 1.2,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16406"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/16406"
      },
      {
        "trust": 0.3,
        "url": "http://www.irannuke.com/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/365865"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.exploit-db.com/exploits/24191/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-10721"
      },
      {
        "db": "VULMON",
        "id": "CVE-2004-2293"
      },
      {
        "db": "BID",
        "id": "10524"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-2293"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-416"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-10721"
      },
      {
        "db": "VULMON",
        "id": "CVE-2004-2293"
      },
      {
        "db": "BID",
        "id": "10524"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-2293"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-416"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2004-12-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-10721"
      },
      {
        "date": "2004-12-31T00:00:00",
        "db": "VULMON",
        "id": "CVE-2004-2293"
      },
      {
        "date": "2004-06-11T00:00:00",
        "db": "BID",
        "id": "10524"
      },
      {
        "date": "2004-12-31T05:00:00",
        "db": "NVD",
        "id": "CVE-2004-2293"
      },
      {
        "date": "2004-12-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200412-416"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-10721"
      },
      {
        "date": "2017-07-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2004-2293"
      },
      {
        "date": "2004-06-11T00:00:00",
        "db": "BID",
        "id": "10524"
      },
      {
        "date": "2017-07-11T01:31:46.327000",
        "db": "NVD",
        "id": "CVE-2004-2293"
      },
      {
        "date": "2005-10-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200412-416"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-416"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP-Nuke Multiple Input Validation Vulnerabilities",
    "sources": [
      {
        "db": "BID",
        "id": "10524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-416"
      }
    ],
    "trust": 0.9
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-416"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2004-2293

Vulnerability from fkie_nvd - Published: 2004-12-31 05:00 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/11852	Vendor Advisory
cve@mitre.org	http://www.osvdb.org/6997	Exploit
cve@mitre.org	http://www.osvdb.org/6998	Exploit
cve@mitre.org	http://www.osvdb.org/6999	Exploit
cve@mitre.org	http://www.securityfocus.com/archive/1/365865	Exploit
cve@mitre.org	http://www.securityfocus.com/bid/10524	Exploit
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/16406
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/11852	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/6997	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/6998	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/6999	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/365865	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/10524	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/16406

Impacted products

Vendor	Product	Version
francisco_burzi	php-nuke	6.0
francisco_burzi	php-nuke	6.5
francisco_burzi	php-nuke	6.5_beta1
francisco_burzi	php-nuke	6.5_final
francisco_burzi	php-nuke	6.5_rc1
francisco_burzi	php-nuke	6.5_rc2
francisco_burzi	php-nuke	6.5_rc3
francisco_burzi	php-nuke	6.6
francisco_burzi	php-nuke	6.7
francisco_burzi	php-nuke	6.9
francisco_burzi	php-nuke	7.0
francisco_burzi	php-nuke	7.0_final
francisco_burzi	php-nuke	7.1
francisco_burzi	php-nuke	7.2
francisco_burzi	php-nuke	7.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "91CC84AB-0BA6-45BE-9DE8-7243FBF00EB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "23264211-2992-4222-9B96-5ABEE1332C5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7F76C32-E24D-4B62-88CE-2D23F457573B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_final:*:*:*:*:*:*:*",
              "matchCriteriaId": "F90A3E1F-0371-45C0-A165-55D94A62C3DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F80A5D98-6C48-461F-8B96-BD32A96CDCA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92F4E55E-4424-4EC8-8013-9A0FFE7D3658",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DA61C83-9CE0-4B5E-A8A1-B9C5C9D74084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B13CCAA-839F-406D-A7F3-975B4780425A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D375197-0087-479C-991B-964FB83644F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "70F6320E-314D-4A8F-BC9A-29F730035C68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EE03D77-9AA8-4DC6-936D-0459BD26B64B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:7.0_final:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3E16D17-B704-4ADA-8F91-B7D96FB52909",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA80B501-6EC3-4C8E-A83D-F08FC659CF82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "87591D05-AC0B-4047-AE5B-69EBEF63ED5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBB90508-B7AE-4018-B88C-7A09F1EEFAB5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter.  NOTE: the Faq/categories and Encyclopedia/ltr issues are already covered by CVE-2005-1023."
    }
  ],
  "id": "CVE-2004-2293",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/11852"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.osvdb.org/6997"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.osvdb.org/6998"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.osvdb.org/6999"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/365865"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/10524"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16406"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/11852"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.osvdb.org/6997"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.osvdb.org/6998"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.osvdb.org/6999"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/365865"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/10524"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16406"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2004-2293 (GCVE-0-2004-2293)

GHSA-G43W-C8RF-68PH

GSD-2004-2293

VAR-200412-0577

FKIE_CVE-2004-2293

Tags

Sightings

Nomenclature