VULHUB ™

It has been discovered that multiple PHP scripts used by PHP-Nuke are vulnerable to cross-sitescripting attacks. Due to insufficient sanitization of web requests it is possible for script code to be embedded in PHP script requests. By constructing a malicious link which exploits one of these vulnerabilities, it may be possible to execute arbitrary code within the context of a website visited by an unsuspecting user. This may allow a remote attacker to steal cookie-based authentication credentials, which could be used at a later time to hijack a users web session.

It has been discovered that multiple PHP scripts used by PHP-Nuke are vulnerable to cross-sitescripting attacks. Due to insufficient sanitization of web requests it is possible for script code to be embedded in PHP script requests. By constructing a malicious link which exploits one of these vulnerabilities, it may be possible to execute arbitrary code within the context of a website visited by an unsuspecting user. This may allow a remote attacker to steal cookie-based authentication credentials, which could be used at a later time to hijack a users web session.