CVE-2003-1400

Published Dec 31, 2003

Last updated 8 years ago

CVSS info 4.3

Overview

Description: Cross-site scripting (XSS) vulnerability in the Your_Account module for PHP-Nuke 5.0 through 6.0 allows remote attackers to inject arbitrary web script or HTML via the user_avatar parameter.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93B755A9-694E-49FA-9068-353203AF9965"
          },
          {
            "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:5.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA0B88AD-CACF-4E48-A4B1-313FFE32D058"
          },
          {
            "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF4C3F85-A23C-40B9-9B0F-564E7C254AA5"
          },
          {
            "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4EAF55C4-F0A7-4A36-B203-83670D58483F"
          },
          {
            "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:5.2a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3ED3BFC-C8CF-4537-832C-0D00400AC064"
          },
          {
            "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:5.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C94B62CA-8D34-4B37-8748-1FE64F0299DF"
          },
          {
            "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:5.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8720AE61-41C7-4EA8-8C01-81AC0BFACBCC"
          },
          {
            "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:5.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F6E1577-6E50-49E2-B968-8C2AA924142F"
          },
          {
            "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:5.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA9AE983-B6FF-4686-BDB3-E6B12D4E853E"
          },
          {
            "criteria": "cpe:2.3:a:francisco_burzi:php-nuke:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91CC84AB-0BA6-45BE-9DE8-7243FBF00EB8"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References