CVE-2003-1372
Published Dec 31, 2003
Last updated 7 years ago
Overview
- Description
- Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37"
},
{
"criteria": "cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "3AB4B29F-4C60-48A0-8F58-BCBDC58B697E"
},
{
"criteria": "cpe:2.3:o:unix:unix:any_version:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "CF8C2159-A91B-4599-BDDA-AEC890150B00"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:myphpnuke:myphpnuke:1.8.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0D673DA6-49A1-425C-8A59-66479784FD73"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]