CVE-2004-1840

Published: Mar 22, 2004Modified: Apr 16, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) screen parameter to modules.php, (2) module_name parameter to title.php, (3) sortby parameter to modules.php, or (4) overview parameter to modules.php.

Affected (11)

Products: Francisco Burzi: Php Nuke

Francisco Burzi

1 product

Php Nuke

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
Francisco Burzi Php Nuke	Version 6.5
Francisco Burzi Php Nuke	Version 6.5_beta1
Francisco Burzi Php Nuke	Version 6.5_final
Francisco Burzi Php Nuke	Version 6.5_rc1
Francisco Burzi Php Nuke	Version 6.5_rc2
Francisco Burzi Php Nuke	Version 6.5_rc3
Francisco Burzi Php Nuke	Version 6.6
Francisco Burzi Php Nuke	Version 6.7
Francisco Burzi Php Nuke	Version 6.9
Francisco Burzi Php Nuke	Version 7.0
Francisco Burzi Php Nuke	Version 7.0_final

References (6)

http://marc.info/?l=bugtraq&m=108006319730976&w=2

Source: cve@mitre.org

http://www.securityfocus.com/bid/9947

Source: cve@mitre.org

ExploitVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/15575

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=108006319730976&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/9947

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/15575

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.