CVE-2005-4260

Published: Dec 15, 2005Modified: Apr 16, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web browsers. NOTE: it could be argued that this vulnerability is due to a design limitation of many web browsers; if so, then this should not be treated as a vulnerability in PHP-Nuke.

Affected (8)

Products: Francisco Burzi: Php Nuke

Francisco Burzi

1 product

Php Nuke

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Francisco Burzi Php Nuke	Version 7.0
Francisco Burzi Php Nuke	Version 7.1
Francisco Burzi Php Nuke	Version 7.2
Francisco Burzi Php Nuke	Version 7.3
Francisco Burzi Php Nuke	Version 7.6
Francisco Burzi Php Nuke	Version 7.7
Francisco Burzi Php Nuke	Version 7.8
Francisco Burzi Php Nuke	Version 7.9

References (6)

http://www.securityfocus.com/archive/1/419496/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/419991/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/15855

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/archive/1/419496/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/419991/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/15855

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.