CVE-2005-4260

Name of the Vulnerable Software and Affected Versions PHP-Nuke versions 7.9 and later

Description The issue is related to an interpretation conflict in the includes/mainfile.php file, which can be exploited for cross-site scripting (XSS) attacks. This is achieved by replacing the ">" in a tag with a "<", thereby bypassing the regular expressions used for data sanitization. However, many web browsers automatically correct this, potentially mitigating the issue. It is also suggested that this might be a design limitation in many web browsers rather than a vulnerability in PHP-Nuke itself.

Recommendations For PHP-Nuke versions 7.9 and later, consider implementing additional sanitization measures or input validation to prevent XSS attacks, focusing on correctly handling tags and special characters to prevent bypassing of existing security mechanisms.