Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web browsers. NOTE: it could be argued that this vulnerability is due to a design limitation of many web browsers; if so, then this should not be treated as a vulnerability in PHP-Nuke.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.00024
Percentile: 0.04821

CVSS Scoring

Affected Products

• cpe:2.3:a:francisco_burzi:php-nuke:7.0:*:*:*:*:*:*:*
• cpe:2.3:a:francisco_burzi:php-nuke:7.1:*:*:*:*:*:*:*
• cpe:2.3:a:francisco_burzi:php-nuke:7.2:*:*:*:*:*:*:*
• cpe:2.3:a:francisco_burzi:php-nuke:7.3:*:*:*:*:*:*:*
• cpe:2.3:a:francisco_burzi:php-nuke:7.6:*:*:*:*:*:*:*
• cpe:2.3:a:francisco_burzi:php-nuke:7.7:*:*:*:*:*:*:*
• cpe:2.3:a:francisco_burzi:php-nuke:7.8:*:*:*:*:*:*:*
• cpe:2.3:a:francisco_burzi:php-nuke:7.9:*:*:*:*:*:*:*

← Back to Home