VYPR
Unrated severityNVD Advisory· Published Dec 15, 2005· Updated Jun 16, 2026

CVE-2005-4260

CVE-2005-4260

Description

Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web browsers. NOTE: it could be argued that this vulnerability is due to a design limitation of many web browsers; if so, then this should not be treated as a vulnerability in PHP-Nuke.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

9
  • PHP-Nuke/PHP Nuke9 versions
    cpe:2.3:a:francisco_burzi:php-nuke:7.0:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:a:francisco_burzi:php-nuke:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:francisco_burzi:php-nuke:7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:francisco_burzi:php-nuke:7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:francisco_burzi:php-nuke:7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:francisco_burzi:php-nuke:7.6:*:*:*:*:*:*:*
    • cpe:2.3:a:francisco_burzi:php-nuke:7.7:*:*:*:*:*:*:*
    • cpe:2.3:a:francisco_burzi:php-nuke:7.8:*:*:*:*:*:*:*
    • cpe:2.3:a:francisco_burzi:php-nuke:7.9:*:*:*:*:*:*:*
    • (no CPE)range: >=7.9

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.