In /modules/Journal/search.php the “forwhat” variable is not sanitized correctly
The vulnerability is reported to be Mildly Critical. However, it is best to get this patched.
PHP-Nuke has released version 8.0 for paid members. So if you are a free user then you will need to apply the patch.
Patch details are on the advisory page.