CVE-2005-4260 : Szczegóły

Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web browsers. NOTE: it could be argued that this vulnerability is due to a design limitation of many web browsers; if so, then this should not be treated as a vulnerability in PHP-Nuke.

Metryki

EPSS

Wynik EPSS

Percentyl EPSS

Informacje o exploicie

Exploit Database EDB-ID : 26817

Data publikacji : 2005-12-13 23h00 +00:00
Autor : Maksymilian Arciemowicz
Zweryfikowane przez EDB : Yes

Products Mentioned

Configuraton 0

Francisco_burzi>>Php-nuke >> Version 7.0

Francisco_burzi>>Php-nuke >> Version 7.1

Francisco_burzi>>Php-nuke >> Version 7.2

Francisco_burzi>>Php-nuke >> Version 7.3

Francisco_burzi>>Php-nuke >> Version 7.6

Francisco_burzi>>Php-nuke >> Version 7.7

Francisco_burzi>>Php-nuke >> Version 7.8

Francisco_burzi>>Php-nuke >> Version 7.9

Odniesienia