https://www.exploit-db.com/exploits/23814
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200403-057

Php-Nuke7.1.0版本的modules.php存在跨站脚本漏洞。远程攻击者借助（1）YourName字段，（2）电子邮件字段，（3）nicname字段，（4）fname参数，（5）ratenum参数，或（6）查询字段注入任意web脚本或者HTML。

source: http://www.securityfocus.com/bid/9879/info

It has been reported that PHP-Nuke may be prone to multiple cross-site scripting vulnerabilities. These vulnerabilities occur due to insufficient sanitization of user-supplied data via the 'Your Name', 'nicname', 'fname', 'ratenum', and 'search' fields of 'modules.php' script. Exploitation could allow for theft of cookie-based authentication credentials. Other attacks are also possible.

http://www.example.com/nuke71/modules.php?name=Recommend_Us&op=SiteSent&fname=>[xss code here]
http://www.example.com/nuke71/modules.php?name=Downloads&d_op=TopRated&ratenum=>[xss code here]&ratetype=x

来源:XF
名称:phpnuke-multiple-parameters-xss(15491)
链接:http://xforce.iss.net/xforce/xfdb/15491
来源:BID
名称:9879
链接:http://www.securityfocus.com/bid/9879
来源:SECUNIA
名称:11135
链接:http://secunia.com/advisories/11135
来源:BUGTRAQ
名称:20040315[waraxe-2004-SA#005-XSSinPhp-Nuke7.1.0-part2]
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=107937752811633&w;=2