header-logo
Suggest Exploit
vendor:
PHPNuke
by:
SecurityFocus
7.5
CVSS
HIGH
Cross-Site Scripting
79
CWE
Product Name: PHPNuke
Affected Version From: 7.8
Affected Version To: 7.8
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

PHPNuke Cross-Site Scripting Vulnerability

PHPNuke is prone to a cross-site scripting vulnerability. This issue affects the 'header.php' script. An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI. The malicious URI contains malicious HTML and script code that will be executed in the user's browser in the security context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Mitigation:

Users should avoid following untrusted links and should never supply sensitive information when prompted after clicking a malicious link.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/16608/info

PHPNuke is prone to a cross-site scripting vulnerability. 

This issue affects the 'header.php' script.

PHPNuke 7.8 and prior versions are reportedly vulnerable.

http://www.example.com/nuke78/?pagetitle=w00t></title></head><body>test

Navigation

Suggest Exploit

Services By CQR

cqrsecured