PHP-Nuke Cross-Site Scripting Vulnerabilities


Del.icio.us  Digg  Google  Spurl  Blink  Furl  Y! MyWeb  
Share:
Sponsors:

Janek Vind "waraxe" has reported two vulnerabilities in PHP-Nuke, which can be exploited by malicious people to conduct cross-site scripting attacks.

Some input isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of a vulnerable site.

read here

secunia.com/advisories/14289/
waraxe.us/advisory-40.html

fix is i here

nukefixes.com/ftopicp-3901.html#3901

Article submitted by: Some1
Last Update: 02-16-2005
Category: Security

Print | E-mail


Current rating: 5.54 by 48 users
Would you recommend this article to a friend?

Not a Chance 12345678910 Absolutely

Please register or sign-in to post comments.


Related News Stories

(9,455 reads) 07-05-2008
 · Fusion Security
(15,130 reads) 06-02-2007
 · NukeSentinel(tm)2.5.10 Critical Update
(13,896 reads) 05-07-2007
 · NukeSentinel(tm) 2.5.08 Maintainance Release
(15,362 reads) 03-15-2007
 · NukeSentinel(tm) 2.5.07 Reissued: Critical Update
(13,868 reads) 03-02-2007
 · NukeSentinel(tm) 2.5.06: Critical Update
(14,618 reads) 01-23-2007
 · NukeSentinel(tm) 2.5.05 released
(14,644 reads) 12-24-2006
 · NukeSentinel 2.5.04 released
(14,374 reads) 11-03-2006
 · NukeSentinel(tm) 2.5.03 Released
(18,211 reads) 10-19-2006
 · Php Nuke 8.0 Patched
(14,600 reads) 10-01-2006
 · ipBan Modification