CVE-2005-2064

Name of the Vulnerable Software and Affected Versions: ASP Nuke version 0.80

Description: The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting attacks. This can be achieved through various parameters in different ASP files, including email in forgot password.asp, and FirstName, LastName, Username, Password, Address1, Address2, City, ZipCode, Email in register.asp.

Recommendations: For ASP Nuke version 0.80, as a temporary workaround, consider validating and sanitizing user input for the email parameter in forgot password.asp and the FirstName, LastName, Username, Password, Address1, Address2, City, ZipCode, Email parameters in register.asp to prevent injection of malicious scripts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.