漏洞信息详情
PHP-Nuke MS-Analysis Module Multiple跨站脚本攻击漏洞
- CNNVD编号:CNNVD-200403-093
- 危害等级: 低危
- CVE编号: CVE-2004-1840
- 漏洞类型: 跨站脚本
- 发布时间: 2004-03-22
- 威胁类型: 远程
- 更新时间: 2005-10-20
- 厂 商: francisco_burzi
- 漏洞来源: is credited with the disclosure of these issues.');">Janek Vind <>
漏洞简介
PHP-Nuke的MS Analysis module 2.0版本存在Multiple跨站脚本攻击(XSS)漏洞。远程攻击者借助(1)modules.php的screen参数,(2)title.php的module_name参数,(3)modules.php的sortby参数,或(4)modules.php的overview参数注入任意web脚本或HTML。
漏洞公告
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
参考网址
来源: XF 名称: msanalysis-modules-title-xss(15575) 链接:http://xforce.iss.net/xforce/xfdb/15575 来源: BID 名称: 9947 链接:http://www.securityfocus.com/bid/9947 来源: BUGTRAQ 名称: 20040322 [waraxe-2004-SA#011 Multiple vulnerabilities in MS Analysis v2.0 module for PhpNuke] 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=108006319730976&w=2
受影响实体
- Francisco_burzi Php-Nuke:7.0_final
- Francisco_burzi Php-Nuke:6.5
- Francisco_burzi Php-Nuke:6.5_beta1
- Francisco_burzi Php-Nuke:6.5_final
- Francisco_burzi Php-Nuke:6.5_rc1
补丁
暂无
评论