CVE-2004-2352

Name of the Vulnerable Software and Affected Versions: GBook for PHP-Nuke version 1.0

Description: The issue allows remote attackers to inject arbitrary web script or HTML via cookies stored in the $ COOKIE PHP variable. This is possible because the $ COOKIE variable is not properly cleansed by PHP-Nuke, leading to a cross-site scripting (XSS) vulnerability.

Recommendations: For GBook for PHP-Nuke version 1.0, consider cleansing or validating the $ COOKIE variable to prevent the injection of malicious scripts or HTML. As a temporary workaround, restrict access to sensitive areas of the application that utilize the $ COOKIE variable until a proper fix is implemented.