CVE-2005-3368

Name of the Vulnerable Software and Affected Versions PHP-Nuke version 7.9

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the query parameter in the Search Enhanced module.

Recommendations For PHP-Nuke version 7.9, update the Search Enhanced module to prevent the injection of arbitrary web script or HTML via the query parameter. As a temporary workaround, consider restricting access to the Search Enhanced module until a patch is available.