PHP-Nuke Statistics Module Mainfile.PHP Cross-Site Scripting Vulnerability

info
discussion
exploit
solution
references

PHP-Nuke Statistics Module Mainfile.PHP Cross-Site Scripting Vulnerability

The PHP-Nuke 'mainfile.php' script does not sufficiently sanitize data supplied via URI parameters, making it prone to cross-site attacks. This could allow for execution of hostile HTML and script code in the web client of a victim user to steal cookie-based authentication credentials.