Cross-site scripting (XSS) vulnerability in the cookiedecode function in mainfile.php for PHP-Nuke 6.x through 7.2, when themes are used, allows remote attackers to inject arbitrary web script or HTML via a base64-encoded user parameter or cookie.
References
Link | Resource |
---|---|
http://www.waraxe.us/index.php?modname=sa&id=16 | Exploit Vendor Advisory |
http://www.securityfocus.com/bid/10128 | Exploit Vendor Advisory |
http://secunia.com/advisories/11347 | Vendor Advisory |
http://marc.info/?l=bugtraq&m=108182759214035&w=2 | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/15842 |
Configurations
Configuration 1 (hide)
|
Information
Published : 2004-04-11 21:00
Updated : 2017-07-10 18:31
NVD link : CVE-2004-1930
Mitre link : CVE-2004-1930
JSON object : View
CWE
Products Affected
francisco_burzi
- php-nuke