Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) screen parameter to modules.php, (2) module_name parameter to title.php, (3) sortby parameter to modules.php, or (4) overview parameter to modules.php.
Software | From | Fixed in |
---|---|---|
francisco_burzi / php-nuke | 6.5 | 6.5.x |
francisco_burzi / php-nuke | 6.5_beta1 | 6.5_beta1.x |
francisco_burzi / php-nuke | 6.5_final | 6.5_final.x |
francisco_burzi / php-nuke | 6.5_rc1 | 6.5_rc1.x |
francisco_burzi / php-nuke | 6.5_rc2 | 6.5_rc2.x |
francisco_burzi / php-nuke | 6.5_rc3 | 6.5_rc3.x |
francisco_burzi / php-nuke | 6.6 | 6.6.x |
francisco_burzi / php-nuke | 6.7 | 6.7.x |
francisco_burzi / php-nuke | 6.9 | 6.9.x |
francisco_burzi / php-nuke | 7.0 | 7.0.x |
francisco_burzi / php-nuke | 7.0_final | 7.0_final.x |