Hello,

I heard that a new phpnuke vulnerability has been discovered, which allows the attacker to embed malicious JavaScript code in the private messages that execute XSS attack. So that when the admin opens the message, he will send his cookie with the encoded password.

I'm running phpnuke 5.4. I want this bug to be fixed, and make my web site much secure for guests. I checked the phpnuke website, but, I couldn't find anything that deals with this. Any suggestions?