ID

VAR-200212-0503


CVE

CVE-2002-1803


TITLE

PHPNuke News information HTML Injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200212-226

DESCRIPTION

Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag. Problems with PHPNuke could make it possible to execute arbitrary script code in a vulnerable client. PHPNuke does not sufficiently filter potentially malicious HTML code from news posts. As a result, when a user views a news posting that contains malicious HTML code, the code contained in the posted message would be executed in the browser of the vulnerable user. This will occur in the context of the site running the PHPNuke software. PHP-Nuke version 6.0 has a cross-site scripting (XSS) vulnerability

Trust: 1.26

sources: NVD: CVE-2002-1803 // BID: 5796 // VULHUB: VHN-6186

AFFECTED PRODUCTS

vendor:francisco burzimodel:php-nukescope:eqversion:6.0

Trust: 1.6

vendor:franciscomodel:burzi php-nukescope:eqversion:6.0

Trust: 0.3

sources: BID: 5796 // CNNVD: CNNVD-200212-226 // NVD: CVE-2002-1803

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-1803
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200212-226
value: MEDIUM

Trust: 0.6

VULHUB: VHN-6186
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2002-1803
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-6186
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-6186 // CNNVD: CNNVD-200212-226 // NVD: CVE-2002-1803

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1803

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200212-226

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-200212-226

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-6186

EXTERNAL IDS

db:BIDid:5796

Trust: 2.0

db:NVDid:CVE-2002-1803

Trust: 1.7

db:CNNVDid:CNNVD-200212-226

Trust: 0.7

db:BUGTRAQid:20020924 ECHU ALERT #2: IMG ATTACK IN THE NEWS : 6 CMS VULNERABLES

Trust: 0.6

db:XFid:10173

Trust: 0.6

db:SEEBUGid:SSVID-75678

Trust: 0.1

db:EXPLOIT-DBid:21859

Trust: 0.1

db:VULHUBid:VHN-6186

Trust: 0.1

sources: VULHUB: VHN-6186 // BID: 5796 // CNNVD: CNNVD-200212-226 // NVD: CVE-2002-1803

REFERENCES

url:http://www.securityfocus.com/bid/5796

Trust: 1.7

url:http://archives.neohapsis.com/archives/bugtraq/2002-09/0307.html

Trust: 1.7

url:http://www.iss.net/security_center/static/10173.php

Trust: 1.7

url:http://www.irannuke.com/

Trust: 0.3

sources: VULHUB: VHN-6186 // BID: 5796 // CNNVD: CNNVD-200212-226 // NVD: CVE-2002-1803

CREDITS

Discovery of this vulnerability credited to das@hush.com.

Trust: 0.9

sources: BID: 5796 // CNNVD: CNNVD-200212-226

SOURCES

db:VULHUBid:VHN-6186
db:BIDid:5796
db:CNNVDid:CNNVD-200212-226
db:NVDid:CVE-2002-1803

LAST UPDATE DATE

2025-04-03T22:16:52.819000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-6186date:2008-09-05T00:00:00
db:BIDid:5796date:2002-09-25T00:00:00
db:CNNVDid:CNNVD-200212-226date:2005-10-20T00:00:00
db:NVDid:CVE-2002-1803date:2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:VULHUBid:VHN-6186date:2002-12-31T00:00:00
db:BIDid:5796date:2002-09-25T00:00:00
db:CNNVDid:CNNVD-200212-226date:2002-12-31T00:00:00
db:NVDid:CVE-2002-1803date:2002-12-31T05:00:00