Unrated severityNVD Advisory· Published Aug 10, 2005· Updated Apr 16, 2026

CVE-2005-2539

Description

Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke 2.5.5 and possibly earlier versions allow remote attackers to inject arbitrary web script or HTML via the (1) bodycolor, (2) backimage, (3) theme, or (4) logo parameter to structure.php, (5) admin, (6) admin_mail, or (7) back parameter to footer.php, or (8) the message body in a news post.

Affected products

Flatnuke/Flatnuke
cpe:2.3:a:flatnuke:flatnuke:2.5.5:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.rgod.altervista.org/flatnuke.htmlnvdExploit
marc.infonvd
secunia.com/advisories/16330nvd
www.osvdb.org/18551nvd
www.osvdb.org/18552nvd
www.osvdb.org/18553nvd
www.securityfocus.com/bid/14483nvd
exchange.xforce.ibmcloud.com/vulnerabilities/21707nvd
exchange.xforce.ibmcloud.com/vulnerabilities/21708nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.006
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000