PT-2004-2828 · Php · Php-Nuke

Janek Vind +1 · Published 2004-04-12 · Updated 2017-07-11 · CVE-2004-1930

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

PHP-Nuke versions 6.x through 7.2

Description

A cross-site scripting (XSS) issue exists in the cookiedecode function in mainfile.php, specifically when themes are used. This allows remote attackers to inject arbitrary web script or HTML via a base64-encoded user parameter or cookie.

Recommendations

For PHP-Nuke versions 6.x through 7.2, consider disabling the cookiedecode function in mainfile.php as a temporary workaround until a patch is available. Restrict access to themes to minimize the risk of exploitation. Avoid using base64-encoded user parameters or cookies in the affected function until the issue is resolved.
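
The following log check is an added example, not part of the original advisory or of PHP-Nuke's code: it decodes base64 `user` values taken from a request's query string or Cookie header and reports those whose decoded text contains markup characters. The sample requests, paths and the "id:name:hash" field layout are constructed assumptions for illustration.

```python
import base64
import re
from urllib.parse import parse_qs, quote, unquote, urlsplit

# Markup characters that should not appear in a decoded account value.
MARKUP = re.compile(r'[<>"]')

def decode_user_value(value):
    """Decode a base64 `user` value; return None if it is not valid base64."""
    try:
        padded = value + "=" * (-len(value) % 4)
        return base64.b64decode(padded, validate=True).decode("latin-1")
    except ValueError:
        return None

def suspicious_user_values(request_line, cookie_header=""):
    """Return decoded `user` values (query string or cookie) containing markup."""
    candidates = []
    parts = request_line.split()
    if len(parts) >= 2:
        # parse_qs turns '+' into a space; restore it, since '+' is valid base64.
        for v in parse_qs(urlsplit(parts[1]).query).get("user", []):
            candidates.append(v.replace(" ", "+"))
    for item in cookie_header.split(";"):
        name, _, val = item.strip().partition("=")
        if name == "user":
            candidates.append(unquote(val))
    decoded = (decode_user_value(c) for c in candidates)
    return [d for d in decoded if d is not None and MARKUP.search(d)]

def _b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed sample requests (request line, Cookie header); the
# "id:name:hash" layout and the paths are illustrative assumptions.
SAMPLES = [
    ("GET /modules.php?name=News&user=" + quote(_b64("2:alice:0123abcd")) + " HTTP/1.1", ""),
    ("GET /index.php?user=" + quote(_b64("2:<b>marker</b>:x")) + " HTTP/1.1", ""),
    ("GET /index.php HTTP/1.1", "lang=english; user=" + quote(_b64("2:<i>marker</i>:x"))),
]

if __name__ == "__main__":
    for line, cookie in SAMPLES:
        print(suspicious_user_values(line, cookie), "<-", line)
```

A hit here only means the decoded value carries markup; whether it was rendered unescaped still has to be confirmed against the theme output.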


Related Identifiers

CVE-2004-1930

Affected Products

Php-Nuke