Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters.
References
Configurations
Configuration 1 (hide)
AND |
|
History
20 Nov 2024, 23:46
Type | Values Removed | Values Added |
---|---|---|
References | () http://archives.neohapsis.com/archives/bugtraq/2003-02/0231.html - Exploit | |
References | () http://secunia.com/advisories/8125 - | |
References | () http://www.osvdb.org/3931 - | |
References | () http://www.securityfocus.com/bid/6892 - Exploit | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/11376 - |
Information
Published : 2003-12-31 05:00
Updated : 2024-11-20 23:46
NVD link : CVE-2003-1372
Mitre link : CVE-2003-1372
CVE.ORG link : CVE-2003-1372
JSON object : View
Products Affected
unix
- unix
linux
- linux_kernel
myphpnuke
- myphpnuke
microsoft
- all_windows
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')