CVE Vulnerabilities

CVE-2004-2363

Published: Dec 31, 2004 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

Validate-Before-Canonicalize vulnerability in the checkURI function in functions.inc.php in PHPX 3.0 through 3.2.6 allows remote attackers to conduct cross-site scripting (XSS) attacks via hex-encoded tags, which bypass the check for literal <, >, (, and ) characters, as demonstrated using the limit parameter to forums.php and a variety of other vectors.

Affected Software

Name Vendor Start Version End Version
Phpx Phpx 3.0.0 (including) 3.0.0 (including)
Phpx Phpx 3.0.1 (including) 3.0.1 (including)
Phpx Phpx 3.0.2 (including) 3.0.2 (including)
Phpx Phpx 3.0.3 (including) 3.0.3 (including)
Phpx Phpx 3.0.4 (including) 3.0.4 (including)
Phpx Phpx 3.0.5 (including) 3.0.5 (including)
Phpx Phpx 3.0.6 (including) 3.0.6 (including)
Phpx Phpx 3.0.7 (including) 3.0.7 (including)
Phpx Phpx 3.1.0 (including) 3.1.0 (including)
Phpx Phpx 3.1.1 (including) 3.1.1 (including)
Phpx Phpx 3.1.2 (including) 3.1.2 (including)
Phpx Phpx 3.1.3 (including) 3.1.3 (including)
Phpx Phpx 3.1.4 (including) 3.1.4 (including)
Phpx Phpx 3.2.0 (including) 3.2.0 (including)
Phpx Phpx 3.2.1 (including) 3.2.1 (including)
Phpx Phpx 3.2.2 (including) 3.2.2 (including)
Phpx Phpx 3.2.3 (including) 3.2.3 (including)
Phpx Phpx 3.2.4 (including) 3.2.4 (including)
Phpx Phpx 3.2.5 (including) 3.2.5 (including)
Phpx Phpx 3.2.6 (including) 3.2.6 (including)

References