Unrated severityNVD Advisory· Published Dec 15, 2005· Updated Apr 16, 2026

CVE-2005-4260

Description

Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web browsers. NOTE: it could be argued that this vulnerability is due to a design limitation of many web browsers; if so, then this should not be treated as a vulnerability in PHP-Nuke.

Affected products

PHP-Nuke/Php Nuke8 versions
cpe:2.3:a:francisco_burzi:php-nuke:7.0:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:francisco_burzi:php-nuke:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:francisco_burzi:php-nuke:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:francisco_burzi:php-nuke:7.2:*:*:*:*:*:*:*
- cpe:2.3:a:francisco_burzi:php-nuke:7.3:*:*:*:*:*:*:*
- cpe:2.3:a:francisco_burzi:php-nuke:7.6:*:*:*:*:*:*:*
- cpe:2.3:a:francisco_burzi:php-nuke:7.7:*:*:*:*:*:*:*
- cpe:2.3:a:francisco_burzi:php-nuke:7.8:*:*:*:*:*:*:*
- cpe:2.3:a:francisco_burzi:php-nuke:7.9:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000