PHP-Nuke 6.x/7.x - 'header.php?Pagetitle' Cross-Site Scripting

EDB-ID:

27208


Platform:

PHP

Published:

2006-02-13

source: http://www.securityfocus.com/bid/16608/info

PHPNuke is prone to a cross-site scripting vulnerability. 

This issue affects the 'header.php' script.

PHPNuke 7.8 and prior versions are reportedly vulnerable.

http://www.example.com/nuke78/?pagetitle=w00t></title></head><body>test