Lethalman

**Name of the Vulnerable Software and Affected Versions** PHP-Nuke versions 6.x **Description** A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the `subject` parameter in the block-Forums.php file of the Splatt Forum module. **Recommendations** For PHP-Nuke version 6.x, update the block-Forums.php file in the Splatt Forum module to properly sanitize the `subject` parameter and prevent arbitrary web script or HTML injection.

Name of the Vulnerable Software and Affected Versions: Splatt Forum (affected versions not specified) Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to insert arbitrary HTML and web script via the `image subject` field. This field is related to the post icon. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.