VULHUB ™

It has been reported that PHP-Nuke may be prone to multiple cross-site scripting vulnerabilities. These vulnerabilities occur due to insufficient sanitization of user-supplied data via the 'Your Name', 'nicname', 'fname', 'ratenum', and 'search' fields of 'modules.php' script. Exploitation could allow for theft of cookie-based authentication credentials. Other attacks are also possible. PHP-Nuke 7.1.0 has been reported to be prone to these issues, however, it is possible that other versions are affected as well. These issues are undergoing further analysis. These issues will be separated into individual BIDs once analysis is complete.

It has been reported that PHP-Nuke may be prone to multiple cross-site scripting vulnerabilities. These vulnerabilities occur due to insufficient sanitization of user-supplied data via the 'Your Name', 'nicname', 'fname', 'ratenum', and 'search' fields of 'modules.php' script. Exploitation could allow for theft of cookie-based authentication credentials. Other attacks are also possible. PHP-Nuke 7.1.0 has been reported to be prone to these issues, however, it is possible that other versions are affected as well. These issues are undergoing further analysis. These issues will be separated into individual BIDs once analysis is complete.