PT-2002-1570 · Asp Nuke · Asp-Nuke

Published

2002-06-11

Updated

2008-09-05

CVE-2002-0520

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions ASP-Nuke version RC1

Description A cross-site scripting issue exists in the functions-inc.asp file, allowing remote attackers to execute script as other ASP-Nuke users. This can be achieved by embedding the script within an IMG tag.

Recommendations For ASP-Nuke version RC1, consider restricting access to the functions-inc.asp file until a patch is available. As a temporary workaround, avoid using the functions-inc.asp file in scenarios where user input is processed to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-0520

Affected Products

Asp-Nuke

PT-2002-1570 · Asp Nuke · Asp-Nuke

CVE-2002-0520

Related Identifiers

Affected Products

References · 7