PHP-Nuke 6.x/7.x - 'header.php?Pagetitle' Cross-Site Scripting

Author: Janek Vind
type: webapps
platform: php
port: 
date_added: 2006-02-13  
date_updated: 2013-07-31  
verified: 1  
codes: CVE-2006-0676;OSVDB-23140  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 27208.txt  
source: https://www.securityfocus.com/bid/16608/info

PHPNuke is prone to a cross-site scripting vulnerability.

This issue affects the 'header.php' script.

PHPNuke 7.8 and prior versions are reportedly vulnerable.

http://www.example.com/nuke78/?pagetitle=w00t></title></head><body>test