Vulnerabilities > CVE-2005-1049 - Unspecified vulnerability in Postnuke Software Foundation Postnuke 0.760Rc3

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
postnuke-software-foundation
nessus
exploit available
NVD
Published: 2005-05-02
Updated: 2017-07-11

Summary

Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) module parameter to admin.php or (2) op parameter to user.php. NOTE: the vendor reports that certain issues could not be reproduced for 760 RC3, or for .750. However, the op/user.php issue exists when the pnAntiCracker setting is disabled.

Vulnerable Configurations

Part Description Count
Application
Postnuke_Software_Foundation
1

Exploit-Db

descriptionPostNuke Phoenix 0.760 RC3 Module Parameter Remote Cross-Site Scripting Vulnerability. CVE-2005-1049 . Webapps exploit for php platform
idEDB-ID:25367
last seen2016-02-03
modified2005-04-08
published2005-04-08
reporterDcrab
sourcehttps://www.exploit-db.com/download/25367/
titlePostNuke Phoenix 0.760 RC3 Module Parameter Remote Cross-Site Scripting Vulnerability

Nessus

NASL familyCGI abuses : XSS
NASL idPOSTNUKE_OP_AND_MODULE_XSS.NASL
descriptionThe version of PostNuke installed on the remote host fails to properly sanitize user input through the
last seen2020-06-01
modified2020-06-02
plugin id18006
published2005-04-08
reporterThis script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/18006
titlePostNuke < 0.760 RC4 Multiple Script XSS

References