PHPNuke Security Advisory: XSS And Path Disclosure Issues Report

PHPNuke seems to have a horrible security track record, but continues to be quite popular. No statement from the PHPNuke folks yet, but if you're using a rapid site development tool, don't forget to consider the security implications. "Cross site . . . PHPNuke seems to have a horrible security track record, but continues to be quite popular. No statement from the PHPNuke folks yet, but if you're using a rapid site development tool, don't forget to consider the security implications. "Cross site scripting is a serious problem, (even if some people doesn't believe it), On this second round i'll show 8 new XSS vulnerabilities in PHP Nuke (most of them are also path disclosure vulns):"

 Date: 23 Apr 2002 09:50:48 +0200 From: "Replugge [ROD]"  To: This email address is being protected from spambots. You need JavaScript enabled to view it., This email address is being protected from spambots. You need JavaScript enabled to view it.,      This email address is being protected from spambots. You need JavaScript enabled to view it. Subject: More Cross site Scripting in PHPNuke  Cross site scripting is a serious problem, (even if some people doesn't believe it), On this second round i'll show 8 new XSS vulnerabilities in PHP Nuke (most of them are also path disclosure vulns):