CVE-2007-4212 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Search Module in PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via a trailing \ instead of a \ in (1) the onerror attribute of an IMG element (2) the onload attribute of an IFRAME element or (3) redirect users to other sites via the META tag.

Reference

http://osvdb.org/42538 http://securityreason.com/securityalert/2974 http://www.securityfocus.com/archive/1/475249/100/0/threaded http://www.securityfocus.com/bid/25171