December 26, 2001

PHP-Nuke 'friend.php' module allows cross-site scripting

Author: JT Smith

C'est la vie writes: "Description: A cross-site scripting vulnerability was reported in the PHP-Nuke 'friend.php' module. A remote user can write HTML code containing malicious javascript that, if executed on another user's browser, will execute in the security zone of a web site running PHP-Nuke. More at: SecurityTracker"


  • Linux
Click Here!