Unrated severityNVD Advisory· Published May 2, 2005· Updated Apr 16, 2026

CVE-2005-1000

Description

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the bid parameter to the EmailStats op in banners.pgp, (2) the ratenum parameter in the TopRated and MostPopular actions in the Web_Links module, (3) the ttitle parameter in the viewlinkdetails, viewlinkeditorial, viewlinkcomments, and ratelink actions in the Web_Links module, or (4) the username parameter in the Your_Account module.

Affected products

PHP-Nuke/PHP Nuke
cpe:2.3:a:francisco_burzi:php-nuke:7.6:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

archives.neohapsis.com/archives/bugtraq/2005-04/0037.htmlnvdExploitVendor Advisory
marc.infonvd
exchange.xforce.ibmcloud.com/vulnerabilities/19952nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000