Cross-site scripting (XSS) vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to inject arbitrary HTML and web script via the (1) ttitle or (2) sid parameters to modules.php.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Php-nuke | Francisco_burzi | 6.0 | 6.0 |
Php-nuke | Francisco_burzi | 6.5 | 6.5 |
Php-nuke | Francisco_burzi | 6.6 | 6.6 |
Php-nuke | Francisco_burzi | 6.7 | 6.7 |
Php-nuke | Francisco_burzi | 6.8 | 6.8 |
Php-nuke | Francisco_burzi | 6.9 | 6.9 |
Php-nuke | Francisco_burzi | 7.0 | 7.0 |
Php-nuke | Francisco_burzi | 7.1 | 7.1 |
Php-nuke | Francisco_burzi | 7.2 | 7.2 |