PT-2007-3764 · Nukeedit · Nukedit
Published: 2007-05-02 · Updated: 2017-07-29
CVE-2007-2432
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
nukedit version 4.9.7b
Description
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the terms parameter in the "utilities/search.asp" page.
Recommendations
For nukedit version 4.9.7b, consider restricting access to the utilities/search.asp page or avoiding use of the terms parameter until a fix is available. As a temporary workaround, validate and sanitize all user input to the terms parameter to prevent malicious script injection.
Fix
Related identifiers
Affected products
Nukedit