VYPR
Unrated severityNVD Advisory· Published Mar 22, 2004· Updated Jun 16, 2026

CVE-2004-1840

CVE-2004-1840

Description

Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) screen parameter to modules.php, (2) module_name parameter to title.php, (3) sortby parameter to modules.php, or (4) overview parameter to modules.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

12
  • PHP-Nuke/PHP Nuke11 versions
    cpe:2.3:a:francisco_burzi:php-nuke:6.5:*:*:*:*:*:*:*+ 10 more
    • cpe:2.3:a:francisco_burzi:php-nuke:6.5:*:*:*:*:*:*:*
    • cpe:2.3:a:francisco_burzi:php-nuke:6.5_beta1:*:*:*:*:*:*:*
    • cpe:2.3:a:francisco_burzi:php-nuke:6.5_final:*:*:*:*:*:*:*
    • cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc1:*:*:*:*:*:*:*
    • cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc2:*:*:*:*:*:*:*
    • cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc3:*:*:*:*:*:*:*
    • cpe:2.3:a:francisco_burzi:php-nuke:6.6:*:*:*:*:*:*:*
    • cpe:2.3:a:francisco_burzi:php-nuke:6.7:*:*:*:*:*:*:*
    • cpe:2.3:a:francisco_burzi:php-nuke:6.9:*:*:*:*:*:*:*
    • cpe:2.3:a:francisco_burzi:php-nuke:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:francisco_burzi:php-nuke:7.0_final:*:*:*:*:*:*:*
  • Range: =2.0

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.