Php Nuke · Php-Nuke · CVE-2005-3368
**Name of the Vulnerable Software and Affected Versions**
PHP-Nuke version 7.9
**Description**
A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `query` parameter in the Search Enhanced module.
**Recommendations**
For PHP-Nuke version 7.9, update the Search Enhanced module to prevent the injection of arbitrary web script or HTML via the `query` parameter. As a temporary workaround, consider restricting access to the Search Enhanced module until a patch is available.