PT-2005-2046 · Php Nuke · Php-Nuke

Sp3X · Published 2005-04-09 · Updated 2017-07-11 · CVE-2005-1023

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

PHP-Nuke versions 6.x through 7.6

Description

Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The injection points are the min parameter to the "Search" module, the categories parameter to the "FAQ" module, and the ltr parameter to the "Encyclopedia" module.

Recommendations

For PHP-Nuke versions 6.x through 7.6, consider restricting access to the vulnerable modules (Search, FAQ, and Encyclopedia) until a fix is available. As a temporary workaround, avoid using the min, categories, and ltr parameters in their respective modules to minimize the risk of exploitation.
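
A defender-side check for the parameters named in the description, added here as an example and not part of the original advisory or of PHP-Nuke's code: it scans web access logs for requests to the three modules whose named parameter carries HTML metacharacters. It assumes the modules.php?name=<Module> URL layout and combined-format log lines; the sample log entries are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Module -> parameter pairs named in the advisory description.
WATCHED = {"search": "min", "faq": "categories", "encyclopedia": "ltr"}

# Characters that let a value leave HTML text or attribute context.
MARKUP = re.compile(r"[<>\"']")

# Request line inside a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def flag_request(target):
    """Return (module, param, value) if a watched parameter carries markup."""
    parts = urlsplit(target)
    # Assumption: modules are reached through modules.php?name=<Module>.
    if not parts.path.lower().endswith("modules.php"):
        return None
    query = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes
    module = query.get("name", [""])[0].lower()
    param = WATCHED.get(module)
    if param is None:
        return None
    for value in query.get(param, []):
        if MARKUP.search(value):
            return (module, param, value)
    return None

def scan(lines):
    """Collect flagged requests from an iterable of access log lines."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        hit = flag_request(match.group(1)) if match else None
        if hit:
            hits.append(hit)
    return hits

# Constructed sample entries (documentation addresses, benign markup).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Apr/2005:10:00:01 +0000] "GET /modules.php?name=Search&min=10 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [09/Apr/2005:10:00:05 +0000] "GET /modules.php?name=FAQ&categories=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 4100',
    '192.0.2.12 - - [09/Apr/2005:10:00:09 +0000] "GET /modules.php?name=Encyclopedia&ltr=A HTTP/1.1" 200 3900',
    '192.0.2.13 - - [09/Apr/2005:10:00:12 +0000] "GET /modules.php?name=News&min=%3Ci%3E HTTP/1.1" 200 2000',
]

if __name__ == "__main__":
    for module, param, value in scan(SAMPLE_LOG):
        print(f"suspicious {param}= value for module {module}: {value!r}")
```

Only query-string values are visible in access logs; parameters sent in a POST body need the same check at a reverse proxy or WAF.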


Related Identifiers

CVE-2005-1023

Affected Products

Php-Nuke