PHP-Nuke Modules.PHP Username URI Parameter Cross Site Scripting Vulnerability

info
discussion
exploit
solution
references

PHP-Nuke Modules.PHP Username URI Parameter Cross Site Scripting Vulnerability

A cross site scripting vulnerability has been reported for PHP-Nuke. Specifically, PHP-Nuke does not sufficiently sanitize user-supplied input for the 'username' URI parameter to the modules.php script.

This may allow for theft of cookie-based authentication credentials and other attacks.