Arbitrary HTML and Web Script Injection in Php-Nuke Downloads Module
CVE-2004-1999 · MEDIUM Severity
AV:N/AC:M/AU:N/C:N/I:P/A:N
Cross-site scripting (XSS) vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to inject arbitrary HTML and web script via the (1) ttitle or (2) sid parameters to modules.php.
Learn more about our Web App Pen Testing.