CVE-2008-0497

Cross-site scripting (XSS) vulnerability in action.php in Nucleus CMS 3.31 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, which is not quoted when processing PHP_SELF.
Configurations

Configuration 1

cpe:2.3:a:nucleus_cms:nucleus_cms:3.31:*:*:*:*:*:*:*

Information

Published : 2008-01-30 10:00

Updated : 2018-10-15 10:00


NVD link : CVE-2008-0497

Mitre link : CVE-2008-0497

Products Affected
No products.
CWE