Published: 24/08/2005 Updated: 05/09/2008

CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9

VMScore: 270

Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC4b allows remote malicious users to inject arbitrary web script or HTML via (1) the moderate parameter to the Comments module or (2) htmltext parameter to html/user.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
postnuke software foundation postnuke 0.76_rc4b

source: wwwsecurityfocuscom/bid/14635/info PostNuke is prone to multiple cross-site scripting vulnerabilities These issues are due to a failure of the application to properly sanitize user-supplied input This can lead to theft of cookie-based authentication credentials, as well as other types of attacks wwwexamplecom/[DIR]/ ...

source: wwwsecurityfocuscom/bid/14635/info PostNuke is prone to multiple cross-site scripting vulnerabilities These issues are due to a failure of the application to properly sanitize user-supplied input This can lead to theft of cookie-based authentication credentials, as well as other types of attacks wwwexamplecom/Post ...

NVD-CWE-Other http://www.securityfocus.com/archive/1/408818 http://www.securityfocus.com/bid/14635 https://nvd.nist.gov https://www.exploit-db.com/exploits/26187/

CVE-2005-2689

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect