Vulnerability CVE-2005-1696
Published: 2005-05-24   Modified: 2012-02-12

Description:
Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 and 0.760RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) skin or (2) paletteid parameter to demo.php in the Xanthia module, or (3) the serverName parameter to config.php in the Multisites (aka NS-Multisites) module.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
PostNuke XSS and Full path disclosure 0.760RC3=>x
Maksymilian Arci...
30.09.2005

Type:

CWE-79

 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS2 => (AV:N/AC:H/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.6/10
2.9/10
4.9/10
Exploit range
Attack complexity
Authentication
Remote
High
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Postnuke software foundation -> Postnuke 

 References:
http://news.postnuke.com/modules.php?op=modload&name=News&file=article&sid=2691
http://marc.theaimsgroup.com/?l=bugtraq&m=111670506926649&w=2
Copyright 2024, cxsecurity.com

 

Back to Top