Page 13 of 87 results (0.004 seconds)

CVSS: 6.8EPSS: 1%CPEs: 13EXPL: 3

Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke 6.x-7.1.0 allows remote attackers to execute arbitrary script as other users via URL-encoded (1) title or (2) fname parameters in the News or Reviews modules. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en modules.php de Php-Nuke 6.x- 7.1.0 permite a atacantes remotos ejecutar scripts de su elección como otros usuarios mediante parámetros (1) título o (2) fname codifacidos en URL en los módulos News o Reviews. • https://www.exploit-db.com/exploits/23669 http://marc.info/?l=bugtraq&m=107634727520936&w=2 http://www.securityfocus.com/bid/9605 http://www.securityfocus.com/bid/9613 https://exchange.xforce.ibmcloud.com/vulnerabilities/15076 •

CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 1

error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information via an invalid (1) language, (2) newlang, or (3) lang parameter, which leaks the pathname in a PHP error message. • https://www.exploit-db.com/exploits/23844 http://marc.info/?l=bugtraq&m=107963064317560&w=2 http://secunia.com/advisories/11164 http://www.osvdb.org/4386 http://www.securityfocus.com/bid/9911 https://exchange.xforce.ibmcloud.com/vulnerabilities/15524 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 3

Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Your Name field, (2) e-mail field, (3) nicname field, (4) fname parameter, (5) ratenum parameter, or (6) search field. • https://www.exploit-db.com/exploits/23814 http://marc.info/?l=bugtraq&m=107937752811633&w=2 http://secunia.com/advisories/11135 http://www.securityfocus.com/bid/9879 https://exchange.xforce.ibmcloud.com/vulnerabilities/15491 •

CVSS: 4.3EPSS: 1%CPEs: 7EXPL: 3

The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message. • https://www.exploit-db.com/exploits/22598 http://www.securityfocus.com/archive/1/321313 http://www.securityfocus.com/bid/7589 https://exchange.xforce.ibmcloud.com/vulnerabilities/12436 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) ", (2) ', or (3) > in the search field, which reveals the path in an error message. • http://www.securityfocus.com/archive/1/341743 http://www.securityfocus.com/bid/8848 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •