CVE-2004-2351

Name of the Vulnerable Software and Affected Versions: GBook for Php-Nuke version 1.0

Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via multiple parameters, including name, email, city, and message. These parameters do not use the <script> and <style> tags, which are filtered by PHP-Nuke.

Recommendations: For GBook for Php-Nuke version 1.0, consider validating and sanitizing user input for the name, email, city, and message parameters to prevent XSS attacks. As a temporary workaround, restrict access to these parameters until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.