PHP-Nuke 6.0 - Multiple Cross Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/6409/info It has been discovered that multiple PHP scripts used by PHP-Nuke are vulnerable to cross-sitescripting attacks. Due to insufficient sanitization of web requests it is possible for script code to be embedded in...

CVE-2002-1803

CVE-2002-1803 describes a cross-site scripting (XSS) flaw in PHP-Nuke 6.0 that allows remote attackers to inject arbitrary script/HTML via Javascript in an IMG tag. Affected software is PHP-Nuke 6.0; the root cause is an XSS vulnerability exposed by image tags, enabling arbitrary code execution i...

CVE-2002-1803

Cross-site scripting XSS vulnerability in PHP-Nuke 6.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag...

CVE-2004-1830

CVE-2004-1830 : The error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information by supplying invalid (language, newlang, or lang) parameters, which leaks the pathname in a PHP error message. This is a information-disclosure issue affecting the specified...

CVE-2004-1829

Affected product: Gijza.net Error Manager 2.1 for PHP-Nuke 6.0. Vulnerability: multiple cross-site scripting (XSS) in error.php, exploitable via the pagetitle, error, or certain error-log parameters. Root cause: insufficient input validation in error handling leading to injection of arbitrary web...

PHP-Nuke 6.0 - Multiple Full Path Disclosure Vulnerabilities

PHP-Nuke 6.0 - Multiple Full Path Disclosure Vulnerabilities source: https://www.securityfocus.com/bid/6406/info Multiple path disclosure vulnerabilities have been discovered in PHP-Nuke. This issue occurs when requesting a PHP script that shouldn't be accessed directly. Exploiting this issue wil...