Yet Another XSS Vulnerability in PHP-Nuke
Date: Tuesday, February 04 @ 01:23:09 CET
Topic: Security


Forward from bugtraq:

-------------------------------------------

Affected Versions:
PHP Nuke versionh 6.0 and below

Unaffected version:
PHP Nuke 6.5

Impact:
-------------------------------------------
Allows any user to inject their own HTML or Java code instead of an avatar
image. This can lead to very annoying forum posts, and the usual XSS tricks.







This article comes from NukeCops
http://www.nukecops.com

The URL for this story is:
http://www.nukecops.com/modules.php?name=News&file=article&sid=41