PT-2004-1419 · Php Nuke · Php-Nuke

Published: 2004-03-18 · Updated: 2017-07-11 · CVE-2004-0265

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Php-Nuke versions 6.x through 7.1.0

Description

A cross-site scripting (XSS) issue exists, allowing remote attackers to execute arbitrary scripts as other users. This is achieved via URL-encoded title or fname parameters in the News or Reviews modules.

Recommendations

For Php-Nuke versions 6.x through 7.1.0, consider disabling the News and Reviews modules until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to these modules to minimize the risk of arbitrary script execution. Avoid using the title and fname parameters in the affected modules until the issue is resolved.

Related Identifiers

CVE-2004-0265

Affected Products

Php-Nuke