PT-2004-3257 · Phpx · Phpx

Published: 2004-12-31 · Updated: 2024-02-14 · CVE-2004-2363

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: PHPX versions 3.0 through 3.2.6
Description: The issue allows remote attackers to conduct cross-site scripting (XSS) attacks via hex-encoded tags. This is achieved by bypassing the check for literal "<", ">", "(", and ")" characters in the checkURI function. Attackers can exploit this using the limit parameter to forums.php and other vectors.
Recommendations: For PHPX versions 3.0 through 3.2.6, consider disabling the checkURI function in functions.inc.php until a patch is available. Restrict access to the forums.php endpoint to minimize the risk of exploitation. Avoid using the limit parameter in the affected API endpoint until the issue is resolved.
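
The bypass class described above, shown as an added PHP example that is not PHPX source code or a vendor patch: a filter that looks for literal characters in the raw request string, beside validation and output encoding applied to the decoded value. The function names, the sample query string, and the reading of "hex-encoded" as URL percent-encoding are assumptions made for illustration.

```php
<?php
// Hypothetical stand-in for a literal-character filter. This is NOT the
// checkURI code from PHPX; it only models the check the advisory describes.
function naive_check_uri(string $rawQuery): bool
{
    // Accepts the request when none of the four literal characters appear.
    return strpbrk($rawQuery, '<>()') === false;
}

// Hardened step 1: validate the parameter against what it is supposed to be.
// Returns the integer, or null when the value is not a short run of digits.
function parse_limit(string $value): ?int
{
    return preg_match('/^\d{1,6}$/D', $value) === 1 ? (int) $value : null;
}

// Hardened step 2: encode at output time, so any value that does reach an
// HTML page is rendered as text rather than parsed as markup.
function html_out(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input: an inert bold tag, percent-encoded.
$rawQuery = 'limit=%3Cb%3Ex%3C%2Fb%3E';

// PHP percent-decodes query values before the application reads them;
// parse_str() applies the same decoding that populates $_GET.
parse_str($rawQuery, $params);
$limit = $params['limit'];

// The filter inspects the raw string, which holds only %3C and %3E.
var_dump(naive_check_uri($rawQuery));

// The same filter run on the decoded value does see the angle brackets.
var_dump(naive_check_uri($limit));

// Type validation rejects the decoded tag and accepts an ordinary page size.
var_dump(parse_limit($limit));
var_dump(parse_limit('25'));

// Output encoding neutralises the value wherever it is echoed into HTML.
echo html_out($limit), "\n";
```

The mismatch to look for in a code review is a check that runs on one representation of the input (raw, still encoded) while the page renders another (decoded).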

Exploit

Fix

Related Identifiers

CVE-2004-2363

Affected Products

Phpx