Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote malicious users to inject arbitrary web script or HTML via Javascript in an IMG tag.
source: wwwsecurityfocuscom/bid/5796/info
Problems with PHPNuke could make it possible to execute arbitrary script code in a vulnerable client
PHPNuke does not sufficiently filter potentially malicious HTML code from news posts As a result, when a user views a news posting that contains malicious HTML code, the code contained in the po ...