Arbitrary HTML and Web Script Injection in Php-Nuke Downloads Module

Arbitrary HTML and Web Script Injection in Php-Nuke Downloads Module

CVE-2004-1999 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to inject arbitrary HTML and web script via the (1) ttitle or (2) sid parameters to modules.php.

Learn more about our Web App Pen Testing.