PHPNuke Search Form Cross-Site...

- AV AC AU C I A
发布: 2002-09-24
修订: 2025-04-13

PHPNuke 6.0 is prone to cross-site scripting attacks. HTML tags are not filtered from links to the 'modules.php' script. Reportedly, the problem lies in the 'Search' page of the 'modules.php' script. It is possible for a malicious attacker to submit a search string that contains HTML code. The value of this search string is not sanitized before it is included in PHP generated HTML and output to the client. This attack may be used to steal a user's cookie-based authentication credentials for the vulnerable PHPNuke site.

当前有1条漏洞利用/PoC
当前有0条受影响产品信息