CVE-2003-1372

Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*
cpe:2.3:o:unix:unix:any_version:*:*:*:*:*:*:*
cpe:2.3:a:myphpnuke:myphpnuke:1.8.8:*:*:*:*:*:*:*

History

20 Nov 2024, 23:46

Type Values Removed Values Added
References () http://archives.neohapsis.com/archives/bugtraq/2003-02/0231.html - Exploit () http://archives.neohapsis.com/archives/bugtraq/2003-02/0231.html - Exploit
References () http://secunia.com/advisories/8125 - () http://secunia.com/advisories/8125 -
References () http://www.osvdb.org/3931 - () http://www.osvdb.org/3931 -
References () http://www.securityfocus.com/bid/6892 - Exploit () http://www.securityfocus.com/bid/6892 - Exploit
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/11376 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/11376 -

Information

Published : 2003-12-31 05:00

Updated : 2024-11-20 23:46


NVD link : CVE-2003-1372

Mitre link : CVE-2003-1372

CVE.ORG link : CVE-2003-1372


JSON object : View

Products Affected

unix

  • unix

linux

  • linux_kernel

myphpnuke

  • myphpnuke

microsoft

  • all_windows
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')