VULHUB ™

A vulnerability has been discovered in the IndyNews module available for PHP-Nuke. Due to insufficient sanitization of some HTML tags it is possible to embed HTML code within the 'alt' tags of a news article. When the news article is viewed by an unsuspecting user the embedded code will be executed within the context of the site visited. The precise technical details regarding this vulnerability are currently unknown. This BID will be updated accordingly as more information is made available.

A vulnerability has been discovered in the IndyNews module available for PHP-Nuke. Due to insufficient sanitization of some HTML tags it is possible to embed HTML code within the 'alt' tags of a news article. When the news article is viewed by an unsuspecting user the embedded code will be executed within the context of the site visited. The precise technical details regarding this vulnerability are currently unknown. This BID will be updated accordingly as more information is made available.