PT-2004-2728 · Php Nuke+1 · Php-Nuke+1

Janek Vind

Published

2004-03-18

Updated

2017-07-11

CVE-2004-1829

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Gijza.net Error Manager version 2.1 for PHP-Nuke 6.0

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific parameters, including the pagetitle or error parameters, as well as certain parameters in the error log.

Recommendations For Gijza.net Error Manager version 2.1, consider disabling the error log and restricting access to the error.php file until a patch is available. Avoid using the pagetitle and error parameters in the affected API endpoint until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-1829

Affected Products

Gijza.Net Error Manager

Php-Nuke

PT-2004-2728 · Php Nuke+1 · Php-Nuke+1

CVE-2004-1829

Related Identifiers

Affected Products

References · 8