PT-2005-2023 · Php · Php-Nuke

Sp3X · Published 2005-04-07 · Updated 2017-07-11 · CVE-2005-1000

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

PHP-Nuke version 7.6

Description

The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved through various parameters, including bid in the EmailStats operation, ratenum in the TopRated and MostPopular actions, ttitle in several actions within the Web Links module, and username in the Your Account module. API endpoints and variables involved include:
  • the bid parameter
  • the ratenum parameter
  • the ttitle parameter
  • the username parameter

Recommendations

For PHP-Nuke version 7.6, consider disabling the vulnerable parameters bid, ratenum, ttitle, and username in their respective modules until a patch is available. Restrict access to the Web Links and Your Account modules to minimize the risk of exploitation. Avoid using the bid, ratenum, ttitle, and username parameters in the affected operations and actions until the issue is resolved.
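
One way to screen requests for the four parameters named above while no patch is applied, as an added Python example that is not part of the advisory or of PHP-Nuke. It assumes bid and ratenum are numeric identifiers; the /page.php path and the sample URLs are constructed placeholders.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Parameters named in the advisory. Treating bid and ratenum as numeric
# identifiers is an assumption of this example, not a statement from the page.
NUMERIC_PARAMS = {"bid", "ratenum"}
TEXT_PARAMS = {"ttitle", "username"}

# Characters that let a reflected value break out of HTML text or attributes.
MARKUP_CHARS = re.compile(r"[<>\"'`]")

# Constructed sample requests; /page.php is a placeholder path.
SAMPLE_URLS = [
    "/page.php?bid=12&ratenum=25",
    "/page.php?ratenum=25%22%3E",
    "/page.php?ttitle=%253Cb%253Etest",
    "/page.php?username=alice&q=%3Cb%3E",
]


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def screen_url(url):
    """Return (parameter, reason) findings for one request URL."""
    findings = []
    for name, raw in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        value = fully_decode(raw)
        if name in NUMERIC_PARAMS and not re.fullmatch(r"[0-9]+", value):
            findings.append((name, "non-numeric value"))
        elif name in TEXT_PARAMS and MARKUP_CHARS.search(value):
            findings.append((name, "HTML metacharacter in value"))
    return findings


if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(url, "->", screen_url(url) or "clean")
```

Output encoding in the application remains the actual fix; this check only flags or rejects suspicious requests in front of it.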


Related identifiers

CVE-2005-1000

Affected products

Php-Nuke