CVE-2003-1547

Current Description

Cross-site scripting (XSS) vulnerability in block-Forums.php in the Splatt Forum module for PHP-Nuke 6.x allows remote attackers to inject arbitrary web script or HTML via the subject parameter.

Basic Data

PublishedDecember 31, 2003
Last ModifiedOctober 19, 2018
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-79
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityMEDIUM
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactNONE
CVSS 2 - Base Score4.3
SeverityMEDIUM
Exploitability Score8.6
Impact Score2.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationFrancisco BurziPhp-nuke6.5*******
    2.3ApplicationFrancisco BurziPhp-nuke6.5_beta1*******
    2.3ApplicationFrancisco BurziPhp-nuke6.5_rc1*******
    2.3ApplicationFrancisco BurziPhp-nuke6.5_rc2*******
    2.3ApplicationFrancisco BurziPhp-nuke6.5_rc3*******

Vulnerable Software List

VendorProductVersions
Francisco Burzi Php-nuke 6.5, 6.5_beta1, 6.5_rc1, 6.5_rc2, 6.5_rc3

References

NameSourceURLTags
8478http://secunia.com/advisories/8478SECUNIAVendor Advisory
3718http://securityreason.com/securityalert/3718SREASON
20030331 PHP-Nuke block-Forums.php subject vulnerabilitieshttp://www.securityfocus.com/archive/1/316925/30/25250/threadedBUGTRAQ
20030401 Re: PHP-Nuke block-Forums.php subject vulnerabilitieshttp://www.securityfocus.com/archive/1/317230/30/25220/threadedBUGTRAQ
7248http://www.securityfocus.com/bid/7248BID
phpnuke-blockforums-subject-xss(11675)https://exchange.xforce.ibmcloud.com/vulnerabilities/11675XF