CVE-2001-1524

Name of the Vulnerable Software and Affected Versions PHP-Nuke versions 5.3.1 and earlier

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via several parameters, including uname in "user.php", ttitle, letter, and file in "modules.php", subject, story, and storyext in "submit.php", upload in "admin.php", and fname in "friend.php".

Recommendations For PHP-Nuke versions 5.3.1 and earlier, consider disabling the affected parameters, such as uname, ttitle, letter, file, subject, story, storyext, upload, and fname, in their respective files until a patch is available. Restrict access to the vulnerable modules and files, such as "user.php", "modules.php", "submit.php", "admin.php", and "friend.php", to minimize the risk of exploitation.