Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the > in the tag with a <, which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web browsers. NOTE: it could be argued that this vulnerability is due to a design limitation of many web browsers; if so, then this should not be treated as a vulnerability in PHP-Nuke.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Php-nuke | Francisco_burzi | 7.0 (including) | 7.0 (including) |
| Php-nuke | Francisco_burzi | 7.1 (including) | 7.1 (including) |
| Php-nuke | Francisco_burzi | 7.2 (including) | 7.2 (including) |
| Php-nuke | Francisco_burzi | 7.3 (including) | 7.3 (including) |
| Php-nuke | Francisco_burzi | 7.6 (including) | 7.6 (including) |
| Php-nuke | Francisco_burzi | 7.7 (including) | 7.7 (including) |
| Php-nuke | Francisco_burzi | 7.8 (including) | 7.8 (including) |
| Php-nuke | Francisco_burzi | 7.9 (including) | 7.9 (including) |