CVE-2005-1049 - Remote Cross-Site Scripting vulnerability in Postnuke Software Foundation Postnuke 0.760Rc3
Attack vector | NETWORK |
Attack complexity | HIGH |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) module parameter to admin.php or (2) op parameter to user.php. NOTE: the vendor reports that certain issues could not be reproduced for 760 RC3, or for .750. However, the op/user.php issue exists when the pnAntiCracker setting is disabled.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
description | PostNuke Phoenix 0.760 RC3 Module Parameter Remote Cross-Site Scripting Vulnerability. CVE-2005-1049. Webapps exploit for php platform |
id | EDB-ID:25367 |
last seen | 2016-02-03 |
modified | 2005-04-08 |
published | 2005-04-08 |
reporter | Dcrab |
source | https://www.exploit-db.com/download/25367/ |
title | PostNuke Phoenix 0.760 RC3 Module Parameter Remote Cross-Site Scripting Vulnerability |
Nessus
NASL family | CGI abuses : XSS |
NASL id | POSTNUKE_OP_AND_MODULE_XSS.NASL |
description | The version of PostNuke installed on the remote host fails to properly sanitize user input through the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 18006 |
published | 2005-04-08 |
reporter | This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/18006 |
title | PostNuke < 0.760 RC4 Multiple Script XSS |
References
- http://cvs.postnuke.com/viewcvs.cgi/Historic_PostNuke_Library/postnuke-devel/html/user.php.diff?r1=1.18&r2=1.19
- http://digitalparadox.org/advisories/postnuke.txt
- http://marc.info/?l=bugtraq&m=111298226029957&w=2
- http://news.postnuke.com/modules.php?op=modload&name=News&file=article&sid=2679
- http://secunia.com/advisories/14868/
- http://securitytracker.com/id?1013670
- http://www.osvdb.org/15370
- http://www.securityfocus.com/bid/13075
- http://www.securityfocus.com/bid/13076
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20018