CVE-2006-1846

Name of the Vulnerable Software and Affected Versions PHP-Nuke version 7.8

Description A cross-site scripting (XSS) issue might exist in the Your Account module, potentially allowing remote attackers to inject arbitrary HTML and web script via the ublock parameter. This parameter is saved in the user's personal menu. The details of this issue are based on third-party information, and it is unclear whether this is a genuine vulnerability, given its relation to the user's personal menu, which is presumably not modifiable by others.

Recommendations For PHP-Nuke version 7.8, consider restricting the use of the ublock parameter in the Your Account module until more information is available about this issue. As a temporary workaround, avoid using the ublock parameter to minimize the risk of potential exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.