CVE-2004-1999

Name of the Vulnerable Software and Affected Versions Php-Nuke versions 6.x through 7.2

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary HTML and web script. This is achieved via the ttitle or sid parameters to the "modules.php" endpoint.

Recommendations For Php-Nuke versions 6.x through 7.2, consider restricting access to the vulnerable modules.php endpoint until a fix is available, and avoid using the ttitle and sid parameters in this endpoint to minimize the risk of exploitation.