CVE-2004-0737

Multiple cross-site scripting vulnerabilities in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) sid, (2) max, (3) sel1, (4) sel2, (5) sel3, (6) sel4, (7) sel5, (8) match, (9) mod1, (10) mod2, or (11) mod3 parameters.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=bugtraq&m=109026609504767&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/16721
http://marc.info/?l=bugtraq&m=109026609504767&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/16721

Configurations

Configuration 1 (hide)

cpe:2.3:a:francisco_burzi:php-nuke:8.0_final:*:*:*:*:*:*:*

History

20 Nov 2024, 23:49

Type	Values Removed	Values Added
References	~~() http://marc.info/?l=bugtraq&m=109026609504767&w=2 -~~	() http://marc.info/?l=bugtraq&m=109026609504767&w=2 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/16721 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/16721 -

Information

Published : 2004-07-27 04:00

Updated : 2025-04-03 01:03

NVD link : CVE-2004-0737

Mitre link : CVE-2004-0737

CVE.ORG link : CVE-2004-0737

JSON object : View

Products Affected

francisco_burzi

php-nuke

CWE

NVD-CWE-Other

{"id": "CVE-2004-0737", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2004-07-27T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=109026609504767&w=2", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16721", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=109026609504767&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16721", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting vulnerabilities in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) sid, (2) max, (3) sel1, (4) sel2, (5) sel3, (6) sel4, (7) sel5, (8) match, (9) mod1, (10) mod2, or (11) mod3 parameters."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en index.php del m\u00f3dulo Busqueda de Php-Nuke permite a atacantes remotos inyectar script web o HTML de su elecci\u00f3n mdiante los par\u00e1metros (1) sid, (2) max, (3) sel1, (4) sel2, (5)sel3, (6) sel4, (7) sel5, (8) match, (9) mod1, (10) mod2, o (11) mod3 ."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:francisco_burzi:php-nuke:8.0_final:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0E8268D-8E87-42B0-A0CD-D55DAD8F0FA9"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

7.5 /10