PHP-Nuke 6.x/7.x - 'header.php?Pagetitle' Cross-Site Scripting
Author: Janek Vind type: webapps platform: php port: date_added: 2006-02-13 date_updated: 2013-07-31 verified: 1 codes: CVE-2006-0676;OSVDB-23140 tags: aliases: screenshot_url: application_url: raw file: 27208.txt
source: https://www.securityfocus.com/bid/16608/info PHPNuke is prone to a cross-site scripting vulnerability. This issue affects the 'header.php' script. PHPNuke 7.8 and prior versions are reportedly vulnerable. http://www.example.com/nuke78/?pagetitle=w00t></title></head><body>test