PHP-Nuke Cross-Site Scripting Vulnerabilities
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Y! MyWeb
Share:
Sponsors:
Janek Vind "waraxe" has reported two vulnerabilities in PHP-Nuke, which can be exploited by malicious people to conduct cross-site scripting attacks.
Some input isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of a vulnerable site.
read here
secunia.com/advisories/14289/
waraxe.us/advisory-40.html
fix is i here
nukefixes.com/ftopicp-3901.html#3901
Article submitted by: Some1
Last Update: 02-16-2005
Category: Security
Some input isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of a vulnerable site.
read here
secunia.com/advisories/14289/
waraxe.us/advisory-40.html
fix is i here
nukefixes.com/ftopicp-3901.html#3901
Article submitted by: Some1
Last Update: 02-16-2005
Category: Security
Current rating: 5.54 by 48 users
| Would you recommend this article to a friend? |
| Not a Chance | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | Absolutely |
Related News Stories
(9,413 reads) 07-05-2008
· Fusion Security(15,104 reads) 06-02-2007
· NukeSentinel(tm)2.5.10 Critical Update(13,860 reads) 05-07-2007
· NukeSentinel(tm) 2.5.08 Maintainance Release(15,334 reads) 03-15-2007
· NukeSentinel(tm) 2.5.07 Reissued: Critical Update(13,830 reads) 03-02-2007
· NukeSentinel(tm) 2.5.06: Critical Update(14,592 reads) 01-23-2007
· NukeSentinel(tm) 2.5.05 released(14,616 reads) 12-24-2006
· NukeSentinel 2.5.04 released(14,342 reads) 11-03-2006
· NukeSentinel(tm) 2.5.03 Released(18,181 reads) 10-19-2006
· Php Nuke 8.0 Patched(14,568 reads) 10-01-2006
· ipBan Modification
Please register or sign-in to post comments.