CVE-2006-0185

Php-Nuke is affected by multiple cross-site scripting in the (1) Pool and (2) News Modules, allowing remote attackers to inject arbitrary scripts via javascript in the SRC attribute of an IMG tag. The root cause is unsanitized input in image tags enabling script execution. Impact is web-page defa...