CVE-2004-2293

Name of the Vulnerable Software and Affected Versions: PHP-Nuke versions 6.0 through 7.3

Description: The issue allows remote attackers to inject arbitrary web script or HTML, which can lead to multiple cross-site scripting (XSS) vulnerabilities. This can be achieved via various parameters in different modules, including the eid parameter or query parameter to the Encyclopedia module, the preview review function in the Reviews module using parameters such as url, cover, rlanguage, and hits, or the savecomment function in the Reviews module using the uname parameter.

Recommendations: For PHP-Nuke versions 6.0 through 7.3, consider disabling the Encyclopedia module and the Reviews module until a patch is available. Restrict access to the preview review and savecomment functions to minimize the risk of exploitation. Avoid using the eid, query, url, cover, rlanguage, hits, and uname parameters in the affected modules until the issue is resolved.