Re: PHP-Nuke block-Forums.php subject vulnerabilities

2003-04-02 Thread Frog Man
you think about : $title2 = htmlspecialchars($title2, ENT_QUOTES);

From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: PHP-Nuke block-Forums.php subject vulnerabilities
Date: 31 Mar 2003 11:15:54 -

The block-Forums.php file has a vuln if an attacker inserts a malformatted subject

PHP-Nuke block-Forums.php subject vulnerabilities

2003-03-31 Thread lethalman
The block-Forums.php file has a vuln if an attacker inserts a malformatted subject to a topic of Splatt Forum. A type of subject is: <script>alert('bug');</script> The 'alt' tag is closed by and the other text is normal html. This bug is very bad if a subject is: