Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Canonicalize-before-filter error in the send_review function in the Reviews module for PHP-Nuke 6.0 to 7.3 allows remote attackers to inject arbitrary web script or HTML via hex-encoded XSS sequences in the text parameter, which is checked for dangerous sequences before it is canonicalized, leading to a cross-site scripting (XSS) vulnerability.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHP-Nuke多个输入验证漏洞
Vulnerability Description
PHP-Nuke 6.0到7.3版本的Reviews模块中的send_review函数存在Canonicalize-before-filter错误漏洞。远程攻击者可以借助text参数中的十六进制编码XXS序列,注入任意web脚本或HTML,该漏洞在规范化之前被检查为危险序列,导致跨站脚本(XSS)漏洞。
CVSS Information
N/A
Vulnerability Type
N/A