" in the tag with a "<", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web browsers. NOTE: it could be argued that this vulnerability is due to a design limitation of many web browsers; if so, then this should not be treated as a vulnerability in PHP-Nuke.">

CVE-2005-4260 : Detail

CVE-2005-4260

0.28%V3
Network
2005-12-15
10h00 +00:00
2018-10-19
12h57 +00:00
CVE.org
NVD
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web browsers. NOTE: it could be argued that this vulnerability is due to a design limitation of many web browsers; if so, then this should not be treated as a vulnerability in PHP-Nuke.

CVE Informations

Metrics

Metrics Score Severity CVSS Vector Source
V2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
EPSS First.org

Exploit information

Exploit Database EDB-ID : 26817

Publication date : 2005-12-13 23h00 +00:00
Author : Maksymilian Arciemowicz
EDB Verified : Yes

source: https://www.securityfocus.com/bid/15855/info PHPNuke is prone to a content filtering bypass vulnerability. This issue can allow an attacker to bypass content filters and potentially carry out cross-site scripting, HTML injection and other attacks. PHPNuke 7.9 and prior versions are reported to be vulnerable. URI: http://www.example.com/[DIR]/modules.php?name=Search Insert: <iframe src=http://www.example.com?phpnuke79 < URI: http://www.example.com/[DIR]//modules.php?name=Web_Links Insert: <iframe src=http://www.example.com?phpnuke79 <

Products Mentioned

Configuraton 0

Francisco_burzi>>Php-nuke >> Version 7.0

    Francisco_burzi>>Php-nuke >> Version 7.1

      Francisco_burzi>>Php-nuke >> Version 7.2

        Francisco_burzi>>Php-nuke >> Version 7.3

          Francisco_burzi>>Php-nuke >> Version 7.6

            Francisco_burzi>>Php-nuke >> Version 7.7

              Francisco_burzi>>Php-nuke >> Version 7.8

                Francisco_burzi>>Php-nuke >> Version 7.9

                  References

                  http://www.securityfocus.com/bid/15855
                  Tags : vdb-entry, x_refsource_BID