CVE-2004-1840

Name of the Vulnerable Software and Affected Versions MS Analysis module version 2.0 for PHP-Nuke

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific parameters, including the screen parameter to "modules.php", the module name parameter to "title.php", the sortby parameter to "modules.php", or the overview parameter to "modules.php".

Recommendations For MS Analysis module version 2.0, consider disabling the affected parameters (screen, module name, sortby, overview) in the respective files ("modules.php", "title.php") until a patch is available. Restrict access to the "modules.php" and "title.php" files to minimize the risk of exploitation. Avoid using the specified parameters in the affected API endpoints until the issue is resolved.