QwikSec

Security Database

CVE

CWE

Training

CVE-2005-1049

Published: Apr 12, 2005

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) module parameter to admin.php or (2) op parameter to user.php. NOTE: the vendor reports that certain issues could not be reproduced for 760 RC3, or for .750. However, the op/user.php issue exists when the pnAntiCracker setting is disabled.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://digitalparadox.org/advisories/postnuke.txt

x_refsource_MISC

vdb-entry

x_refsource_OSVDB

20050408 Sql injection, xss and path disclosure vulnerabilities in PostNuke 0.760-RC3

mailing-list

x_refsource_BUGTRAQ

vdb-entry

x_refsource_BID

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_SECTRACK

vdb-entry

x_refsource_BID

postnuke-adminphp-userphp-xss(20018)

vdb-entry

x_refsource_XF

http://news.postnuke.com/modules.php?op=modload&name=News&file=article&sid=2679

x_refsource_MISC

http://cvs.postnuke.com/viewcvs.cgi/Historic_PostNuke_Library/postnuke-devel/html/user.php.diff?r1=1.18&r2=1.19

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.