CVE-2005-4260 Information

Description

Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the \ in the tag with a \ which bypasses the regular expressions that sanitize the data but is automatically corrected by many web browsers. NOTE: it could be argued that this vulnerability is due to a design limitation of many web browsers; if so then this should not be treated as a vulnerability in PHP-Nuke.

Reference

http://www.securityfocus.com/archive/1/419496/100/0/threaded http://www.securityfocus.com/archive/1/419991/100/0/threaded http://www.securityfocus.com/bid/15855