CVE-2005-4260 : Details

Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web browsers. NOTE: it could be argued that this vulnerability is due to a design limitation of many web browsers; if so, then this should not be treated as a vulnerability in PHP-Nuke.

Metriken

EPSS

EPSS-Score

EPSS-Perzentil

Exploit-Informationen

Exploit Database EDB-ID : 26817

Veröffentlichungsdatum : 2005-12-13 23h00 +00:00
Autor : Maksymilian Arciemowicz
EDB-Verifiziert : Yes

Products Mentioned

Configuraton 0

Francisco_burzi>>Php-nuke >> Version 7.0

Francisco_burzi>>Php-nuke >> Version 7.1

Francisco_burzi>>Php-nuke >> Version 7.2

Francisco_burzi>>Php-nuke >> Version 7.3

Francisco_burzi>>Php-nuke >> Version 7.6

Francisco_burzi>>Php-nuke >> Version 7.7

Francisco_burzi>>Php-nuke >> Version 7.8

Francisco_burzi>>Php-nuke >> Version 7.9

Referenzen