CVE-2005-1049 - Remote Cross-Site Scripting vulnerability in Postnuke Software Foundation Postnuke 0.760Rc3

CVSS 2.6 - LOW
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
Tags: network, high complexity, postnuke-software-foundation, nessus, exploit available

Summary

Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) module parameter to admin.php or (2) op parameter to user.php. NOTE: the vendor reports that certain issues could not be reproduced for 760 RC3, or for .750. However, the op/user.php issue exists when the pnAntiCracker setting is disabled.

Vulnerable Configurations

Part: Application
Description: Postnuke_Software_Foundation
Count: 1

Exploit-Db

description: PostNuke Phoenix 0.760 RC3 Module Parameter Remote Cross-Site Scripting Vulnerability. CVE-2005-1049. Webapps exploit for php platform
id: EDB-ID:25367
last seen: 2016-02-03
modified: 2005-04-08
published: 2005-04-08
reporter: Dcrab
source: https://www.exploit-db.com/download/25367/
title: PostNuke Phoenix 0.760 RC3 Module Parameter Remote Cross-Site Scripting Vulnerability

Nessus

NASL family: CGI abuses : XSS
NASL id: POSTNUKE_OP_AND_MODULE_XSS.NASL
description: The version of PostNuke installed on the remote host fails to properly sanitize user input through the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 18006
published: 2005-04-08
reporter: This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/18006
title: PostNuke < 0.760 RC4 Multiple Script XSS