cvelistv5 - cve-2004-2293

cve-2004-2293

Vulnerability from cvelistv5

Published

2005-08-04 04:00

Modified

2024-08-08 01:22

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/11852	Vendor Advisory
cve@mitre.org	http://www.osvdb.org/6997	Exploit
cve@mitre.org	http://www.osvdb.org/6998	Exploit
cve@mitre.org	http://www.osvdb.org/6999	Exploit
cve@mitre.org	http://www.securityfocus.com/archive/1/365865	Exploit
cve@mitre.org	http://www.securityfocus.com/bid/10524	Exploit
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/16406
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/11852	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/6997	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/6998	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/6999	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/365865	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/10524	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/16406

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:22:13.570Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "phpnuke-faq-encyclopedia-xss(16406)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16406"
          },
          {
            "name": "6999",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/6999"
          },
          {
            "name": "6997",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/6997"
          },
          {
            "name": "11852",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/11852"
          },
          {
            "name": "20040611 [waraxe-2004-SA#032 - Multiple security flaws in PhpNuke 6.x - 7.3]",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/365865"
          },
          {
            "name": "10524",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/10524"
          },
          {
            "name": "6998",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/6998"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-06-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter.  NOTE: the Faq/categories and Encyclopedia/ltr issues are already covered by CVE-2005-1023."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "phpnuke-faq-encyclopedia-xss(16406)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16406"
        },
        {
          "name": "6999",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/6999"
        },
        {
          "name": "6997",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/6997"
        },
        {
          "name": "11852",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/11852"
        },
        {
          "name": "20040611 [waraxe-2004-SA#032 - Multiple security flaws in PhpNuke 6.x - 7.3]",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/365865"
        },
        {
          "name": "10524",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/10524"
        },
        {
          "name": "6998",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/6998"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-2293",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter.  NOTE: the Faq/categories and Encyclopedia/ltr issues are already covered by CVE-2005-1023."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "phpnuke-faq-encyclopedia-xss(16406)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16406"
            },
            {
              "name": "6999",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/6999"
            },
            {
              "name": "6997",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/6997"
            },
            {
              "name": "11852",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/11852"
            },
            {
              "name": "20040611 [waraxe-2004-SA#032 - Multiple security flaws in PhpNuke 6.x - 7.3]",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/365865"
            },
            {
              "name": "10524",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/10524"
            },
            {
              "name": "6998",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/6998"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-2293",
    "datePublished": "2005-08-04T04:00:00",
    "dateReserved": "2005-08-04T00:00:00",
    "dateUpdated": "2024-08-08T01:22:13.570Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"91CC84AB-0BA6-45BE-9DE8-7243FBF00EB8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:6.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"23264211-2992-4222-9B96-5ABEE1332C5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:6.5_beta1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B7F76C32-E24D-4B62-88CE-2D23F457573B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:6.5_final:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F90A3E1F-0371-45C0-A165-55D94A62C3DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F80A5D98-6C48-461F-8B96-BD32A96CDCA1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"92F4E55E-4424-4EC8-8013-9A0FFE7D3658\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9DA61C83-9CE0-4B5E-A8A1-B9C5C9D74084\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:6.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8B13CCAA-839F-406D-A7F3-975B4780425A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:6.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D375197-0087-479C-991B-964FB83644F4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:6.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"70F6320E-314D-4A8F-BC9A-29F730035C68\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8EE03D77-9AA8-4DC6-936D-0459BD26B64B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:7.0_final:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3E16D17-B704-4ADA-8F91-B7D96FB52909\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA80B501-6EC3-4C8E-A83D-F08FC659CF82\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"87591D05-AC0B-4047-AE5B-69EBEF63ED5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:francisco_burzi:php-nuke:7.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CBB90508-B7AE-4018-B88C-7A09F1EEFAB5\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter.  NOTE: the Faq/categories and Encyclopedia/ltr issues are already covered by CVE-2005-1023.\"}]",
      "id": "CVE-2004-2293",
      "lastModified": "2024-11-20T23:52:58.893",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2004-12-31T05:00:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/11852\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/6997\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.osvdb.org/6998\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.osvdb.org/6999\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/365865\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securityfocus.com/bid/10524\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/16406\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/11852\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/6997\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.osvdb.org/6998\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.osvdb.org/6999\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/365865\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securityfocus.com/bid/10524\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/16406\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2004-2293\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2004-12-31T05:00:00.000\",\"lastModified\":\"2024-11-20T23:52:58.893\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter.  NOTE: the Faq/categories and Encyclopedia/ltr issues are already covered by CVE-2005-1023.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91CC84AB-0BA6-45BE-9DE8-7243FBF00EB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"23264211-2992-4222-9B96-5ABEE1332C5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:6.5_beta1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7F76C32-E24D-4B62-88CE-2D23F457573B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:6.5_final:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F90A3E1F-0371-45C0-A165-55D94A62C3DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F80A5D98-6C48-461F-8B96-BD32A96CDCA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92F4E55E-4424-4EC8-8013-9A0FFE7D3658\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DA61C83-9CE0-4B5E-A8A1-B9C5C9D74084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:6.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B13CCAA-839F-406D-A7F3-975B4780425A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:6.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D375197-0087-479C-991B-964FB83644F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:6.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70F6320E-314D-4A8F-BC9A-29F730035C68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EE03D77-9AA8-4DC6-936D-0459BD26B64B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:7.0_final:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3E16D17-B704-4ADA-8F91-B7D96FB52909\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA80B501-6EC3-4C8E-A83D-F08FC659CF82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87591D05-AC0B-4047-AE5B-69EBEF63ED5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:francisco_burzi:php-nuke:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBB90508-B7AE-4018-B88C-7A09F1EEFAB5\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/11852\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/6997\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.osvdb.org/6998\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.osvdb.org/6999\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/archive/1/365865\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/bid/10524\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/16406\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/11852\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/6997\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.osvdb.org/6998\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.osvdb.org/6999\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/archive/1/365865\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/bid/10524\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/16406\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

gsd-2004-2293

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2004-2293

Aliases

CVE-2004-2293

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2004-2293",
    "description": "Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter.  NOTE: the Faq/categories and Encyclopedia/ltr issues are already covered by CVE-2005-1023.",
    "id": "GSD-2004-2293"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2004-2293"
      ],
      "details": "Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter.  NOTE: the Faq/categories and Encyclopedia/ltr issues are already covered by CVE-2005-1023.",
      "id": "GSD-2004-2293",
      "modified": "2023-12-13T01:22:55.741929Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2004-2293",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter.  NOTE: the Faq/categories and Encyclopedia/ltr issues are already covered by CVE-2005-1023."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "phpnuke-faq-encyclopedia-xss(16406)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16406"
          },
          {
            "name": "6999",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/6999"
          },
          {
            "name": "6997",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/6997"
          },
          {
            "name": "11852",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/11852"
          },
          {
            "name": "20040611 [waraxe-2004-SA#032 - Multiple security flaws in PhpNuke 6.x - 7.3]",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/365865"
          },
          {
            "name": "10524",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/10524"
          },
          {
            "name": "6998",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/6998"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_beta1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_final:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.0_final:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-2293"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter.  NOTE: the Faq/categories and Encyclopedia/ltr issues are already covered by CVE-2005-1023."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20040611 [waraxe-2004-SA#032 - Multiple security flaws in PhpNuke 6.x - 7.3]",
              "refsource": "BUGTRAQ",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/archive/1/365865"
            },
            {
              "name": "10524",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/10524"
            },
            {
              "name": "6997",
              "refsource": "OSVDB",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.osvdb.org/6997"
            },
            {
              "name": "6998",
              "refsource": "OSVDB",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.osvdb.org/6998"
            },
            {
              "name": "6999",
              "refsource": "OSVDB",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.osvdb.org/6999"
            },
            {
              "name": "11852",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/11852"
            },
            {
              "name": "phpnuke-faq-encyclopedia-xss(16406)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16406"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-11T01:31Z",
      "publishedDate": "2004-12-31T05:00Z"
    }
  }
}

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter. NOTE: the Faq/categories and Encyclopedia/ltr issues are already covered by CVE-2005-1023. PHP-Nuke is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. The following specific issues can affect the application: PHP-Nuke is prone to multiple cross-site scripting vulnerabilities. These issues affect the 'Faq', 'Encyclopedia' and 'Reviews' modules. These cross-site scripting issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If a user follows the malicious link, the attacker-supplied code executes in the Web browser of the victim computer. PHP-Nuke is prone to an SQL Injection Vulnerability. Again the issue is due to a failure of the application to properly sanitize user-supplied input. The problem presents itself when SQL syntax is passed through the a parameter of the 'Reviews' module. As a result of this issue an attacker could modify the logic and structure of database queries. Finally a remote denial of service vulnerability is reported to exist in the score subsystem of the 'Review' module of PHP-Nuke, it is reported that a large number supplied as a value for a parameter passed to the 'Reviews' module will deny service to legitimate PHP-Nuke users

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200412-0577",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "francisco burzi",
        "version": "6.0"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "francisco burzi",
        "version": "6.7"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "francisco burzi",
        "version": "6.6"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "francisco burzi",
        "version": "6.5_beta1"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "francisco burzi",
        "version": "6.5_rc3"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "francisco burzi",
        "version": "6.5_rc2"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "francisco burzi",
        "version": "6.5_final"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "francisco burzi",
        "version": "6.5_rc1"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "francisco burzi",
        "version": "6.5"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "francisco burzi",
        "version": "6.9"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "francisco burzi",
        "version": "7.3"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "francisco burzi",
        "version": "7.0_final"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "francisco burzi",
        "version": "7.0"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "francisco burzi",
        "version": "7.2"
      },
      {
        "model": "php-nuke",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "francisco burzi",
        "version": "7.1"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "7.3"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "7.2"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "7.1"
      },
      {
        "model": "burzi php-nuke final",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "7.0"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "7.0"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.9"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.7"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.6"
      },
      {
        "model": "burzi php-nuke rc3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.5"
      },
      {
        "model": "burzi php-nuke rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.5"
      },
      {
        "model": "burzi php-nuke rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.5"
      },
      {
        "model": "burzi php-nuke final",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.5"
      },
      {
        "model": "burzi php-nuke beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.51"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.5"
      },
      {
        "model": "burzi php-nuke",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "francisco",
        "version": "6.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "10524"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-2293"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-416"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_beta1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_final:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.0_final:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-2293"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Discovery of these vulnerabilities is credited to Janek Vind \u003ccome2waraxe@yahoo.com\u003e.",
    "sources": [
      {
        "db": "BID",
        "id": "10524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-416"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2004-2293",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-10721",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2004-2293",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2004-2293",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200412-416",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-10721",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2004-2293",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-10721"
      },
      {
        "db": "VULMON",
        "id": "CVE-2004-2293"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-2293"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-416"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter.  NOTE: the Faq/categories and Encyclopedia/ltr issues are already covered by CVE-2005-1023. PHP-Nuke is prone to multiple vulnerabilities.  The issues result from insufficient sanitization of user-supplied data.  The following specific issues can affect the application:\nPHP-Nuke is prone to multiple cross-site scripting vulnerabilities. These issues affect the \u0027Faq\u0027, \u0027Encyclopedia\u0027 and \u0027Reviews\u0027 modules. \nThese cross-site scripting issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code.  If a user follows the malicious link, the attacker-supplied code executes in the Web browser of the victim computer. \nPHP-Nuke is prone to an SQL Injection Vulnerability. Again the issue is due to a failure of the application to properly sanitize user-supplied input. The problem presents itself when SQL syntax is passed through the a parameter of the \u0027Reviews\u0027 module. \nAs a result of this issue an attacker could modify the logic and structure of database queries. \nFinally a remote denial of service vulnerability is reported to exist in the score subsystem of the \u0027Review\u0027 module of PHP-Nuke, it is reported that a large number supplied as a value for a parameter passed to the \u0027Reviews\u0027 module will deny service to legitimate PHP-Nuke users",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-2293"
      },
      {
        "db": "BID",
        "id": "10524"
      },
      {
        "db": "VULHUB",
        "id": "VHN-10721"
      },
      {
        "db": "VULMON",
        "id": "CVE-2004-2293"
      }
    ],
    "trust": 1.35
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-10721",
        "trust": 0.1,
        "type": "unknown"
      },
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=24191",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-10721"
      },
      {
        "db": "VULMON",
        "id": "CVE-2004-2293"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "10524",
        "trust": 2.1
      },
      {
        "db": "OSVDB",
        "id": "6997",
        "trust": 1.8
      },
      {
        "db": "OSVDB",
        "id": "6998",
        "trust": 1.8
      },
      {
        "db": "OSVDB",
        "id": "6999",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "11852",
        "trust": 1.8
      },
      {
        "db": "NVD",
        "id": "CVE-2004-2293",
        "trust": 1.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-416",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20040611 [WARAXE-2004-SA#032 - MULTIPLE SECURITY FLAWS IN PHPNUKE 6.X - 7.3]",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "16406",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "24191",
        "trust": 0.2
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-77924",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-10721",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2004-2293",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-10721"
      },
      {
        "db": "VULMON",
        "id": "CVE-2004-2293"
      },
      {
        "db": "BID",
        "id": "10524"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-2293"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-416"
      }
    ]
  },
  "id": "VAR-200412-0577",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-10721"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:40:31.055000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-2293"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/10524"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/archive/1/365865"
      },
      {
        "trust": 1.8,
        "url": "http://www.osvdb.org/6997"
      },
      {
        "trust": 1.8,
        "url": "http://www.osvdb.org/6998"
      },
      {
        "trust": 1.8,
        "url": "http://www.osvdb.org/6999"
      },
      {
        "trust": 1.8,
        "url": "http://secunia.com/advisories/11852"
      },
      {
        "trust": 1.2,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16406"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/16406"
      },
      {
        "trust": 0.3,
        "url": "http://www.irannuke.com/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/365865"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.exploit-db.com/exploits/24191/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-10721"
      },
      {
        "db": "VULMON",
        "id": "CVE-2004-2293"
      },
      {
        "db": "BID",
        "id": "10524"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-2293"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-416"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-10721"
      },
      {
        "db": "VULMON",
        "id": "CVE-2004-2293"
      },
      {
        "db": "BID",
        "id": "10524"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-2293"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-416"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2004-12-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-10721"
      },
      {
        "date": "2004-12-31T00:00:00",
        "db": "VULMON",
        "id": "CVE-2004-2293"
      },
      {
        "date": "2004-06-11T00:00:00",
        "db": "BID",
        "id": "10524"
      },
      {
        "date": "2004-12-31T05:00:00",
        "db": "NVD",
        "id": "CVE-2004-2293"
      },
      {
        "date": "2004-12-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200412-416"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-10721"
      },
      {
        "date": "2017-07-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2004-2293"
      },
      {
        "date": "2004-06-11T00:00:00",
        "db": "BID",
        "id": "10524"
      },
      {
        "date": "2017-07-11T01:31:46.327000",
        "db": "NVD",
        "id": "CVE-2004-2293"
      },
      {
        "date": "2005-10-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200412-416"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-416"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PHP-Nuke Multiple Input Validation Vulnerabilities",
    "sources": [
      {
        "db": "BID",
        "id": "10524"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-416"
      }
    ],
    "trust": 0.9
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-416"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2004-2293

Vulnerability from fkie_nvd

Published

2004-12-31 05:00

Modified

2024-11-20 23:52

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/11852	Vendor Advisory
cve@mitre.org	http://www.osvdb.org/6997	Exploit
cve@mitre.org	http://www.osvdb.org/6998	Exploit
cve@mitre.org	http://www.osvdb.org/6999	Exploit
cve@mitre.org	http://www.securityfocus.com/archive/1/365865	Exploit
cve@mitre.org	http://www.securityfocus.com/bid/10524	Exploit
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/16406
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/11852	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/6997	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/6998	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/6999	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/365865	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/10524	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/16406

Impacted products

Vendor	Product	Version
francisco_burzi	php-nuke	6.0
francisco_burzi	php-nuke	6.5
francisco_burzi	php-nuke	6.5_beta1
francisco_burzi	php-nuke	6.5_final
francisco_burzi	php-nuke	6.5_rc1
francisco_burzi	php-nuke	6.5_rc2
francisco_burzi	php-nuke	6.5_rc3
francisco_burzi	php-nuke	6.6
francisco_burzi	php-nuke	6.7
francisco_burzi	php-nuke	6.9
francisco_burzi	php-nuke	7.0
francisco_burzi	php-nuke	7.0_final
francisco_burzi	php-nuke	7.1
francisco_burzi	php-nuke	7.2
francisco_burzi	php-nuke	7.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "91CC84AB-0BA6-45BE-9DE8-7243FBF00EB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "23264211-2992-4222-9B96-5ABEE1332C5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7F76C32-E24D-4B62-88CE-2D23F457573B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_final:*:*:*:*:*:*:*",
              "matchCriteriaId": "F90A3E1F-0371-45C0-A165-55D94A62C3DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F80A5D98-6C48-461F-8B96-BD32A96CDCA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92F4E55E-4424-4EC8-8013-9A0FFE7D3658",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DA61C83-9CE0-4B5E-A8A1-B9C5C9D74084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B13CCAA-839F-406D-A7F3-975B4780425A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D375197-0087-479C-991B-964FB83644F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "70F6320E-314D-4A8F-BC9A-29F730035C68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EE03D77-9AA8-4DC6-936D-0459BD26B64B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:7.0_final:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3E16D17-B704-4ADA-8F91-B7D96FB52909",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA80B501-6EC3-4C8E-A83D-F08FC659CF82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "87591D05-AC0B-4047-AE5B-69EBEF63ED5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBB90508-B7AE-4018-B88C-7A09F1EEFAB5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter.  NOTE: the Faq/categories and Encyclopedia/ltr issues are already covered by CVE-2005-1023."
    }
  ],
  "id": "CVE-2004-2293",
  "lastModified": "2024-11-20T23:52:58.893",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/11852"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.osvdb.org/6997"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.osvdb.org/6998"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.osvdb.org/6999"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/365865"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/10524"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16406"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/11852"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.osvdb.org/6997"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.osvdb.org/6998"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.osvdb.org/6999"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/365865"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/10524"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16406"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-g43w-c8rf-68ph

Vulnerability from github

Published

2022-04-29 03:01

Modified

2022-04-29 03:01

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2004-2293"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2004-12-31T05:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter.  NOTE: the Faq/categories and Encyclopedia/ltr issues are already covered by CVE-2005-1023.",
  "id": "GHSA-g43w-c8rf-68ph",
  "modified": "2022-04-29T03:01:10Z",
  "published": "2022-04-29T03:01:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-2293"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16406"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/11852"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/6997"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/6998"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/6999"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/365865"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/10524"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2004-2293

Vulnerability from cvelistv5

gsd-2004-2293

Vulnerability from gsd

var-200412-0577

Vulnerability from variot

fkie_cve-2004-2293

Vulnerability from fkie_nvd

ghsa-g43w-c8rf-68ph

Vulnerability from github

Tags

Sightings

Nomenclature