Multiple XSS Bugs in PHPNuke

By N-Stalker Team on October 16, 2002

Seven new cross-site scripting vulnerabilities have been discovered in PHPNuke 6.0, a popular content management system used to power tens of thousands of web sites. Most of these issues could lead to the compromise of a site user’s cookies, which would give an attacker the ability to log-in as the victim. Two of the scripting holes, in both the Downloads and Web Links modules, are particularly dangerous as they can be exploited to steal the admin’s authentication cookies and gain control of the site. An advisory with details on the vulnerabilities was posted on Bugtraq; no response from the developers yet.

(N-Stalker Security Force)

This entry was posted in Previous Security Advisories. Bookmark the permalink.