CVE-2005-1000 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the bid parameter to the EmailStats op in banners.pgp (2) the ratenum parameter in the TopRated and MostPopular actions in the Web_Links module (3) the ttitle parameter in the viewlinkdetails viewlinkeditorial viewlinkcomments and ratelink actions in the Web_Links module or (4) the username parameter in the Your_Account module.

Reference

http://archives.neohapsis.com/archives/bugtraq/2005-04/0037.html http://marc.info/?l=bugtraq&m=111263454308478&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/19952