CVE-2004-1818

Cross-site scripting XSS vulnerability in nmimage.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary script as other users by injecting arbitrary script into the z parameter...

All PHP-Nuke versions affected!!!

Hi! Recentely the "fixed" version of the user.php script was released. The vulnerability was reported in the article which can be read in http://www.phpnuke.org/article.php?sid=251. This new version though still allows any registered user to alter the password and other personal details of other...