PostNuke Multiple Cross-Site Scripting Vulnerabilities
BID:17743
Info
PostNuke Multiple Cross-Site Scripting Vulnerabilities
| Bugtraq ID: | 17743 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 28 2006 12:00AM |
| Updated: | Apr 29 2006 03:45AM |
| Credit: | [email protected] is credited with the discovery of these vulnerabilities. |
| Vulnerable: |
PostNuke Development Team PostNuke Phoenix 0.761 PostNuke Development Team PostNuke Phoenix 0.760 RC4 PostNuke Development Team PostNuke Phoenix 0.760 RC3 PostNuke Development Team PostNuke Phoenix 0.760 RC2 PostNuke Development Team PostNuke Phoenix 0.760 PostNuke Development Team PostNuke Phoenix 0.750 b PostNuke Development Team PostNuke Phoenix 0.750 PostNuke Development Team PostNuke Phoenix 0.726 PostNuke Development Team PostNuke Phoenix 0.723 PostNuke Development Team PostNuke Phoenix 0.722 PostNuke Development Team PostNuke Phoenix 0.721 PostNuke Development Team PostNuke 0.726 -3 PostNuke Development Team PostNuke 0.721 PostNuke Development Team PostNuke 0.703 PostNuke Development Team PostNuke 0.76 RC4b PostNuke Development Team PostNuke 0.76 RC4a PostNuke Development Team PostNuke 0.76 RC4 PostNuke Development Team PostNuke 0.75 -RC3 PostNuke Development Team PostNuke 0.75 PostNuke Development Team PostNuke 0.74 PostNuke Development Team PostNuke 0.73 PostNuke Development Team PostNuke 0.72 PostNuke Development Team PostNuke 0.71 PostNuke Development Team PostNuke 0.70 PostNuke Development Team PostNuke 0.64 PostNuke Development Team PostNuke 0.63 PostNuke Development Team PostNuke 0.62 PostNuke Development Team PostNuke 0.7 PostNuke Development Team PostNuke 0.762 Cisco Aironet 340 BR340 Firmware 0.761 a Cisco Aironet 340 BR340 Firmware 0.761 |
| Not Vulnerable: | |
Discussion
PostNuke Multiple Cross-Site Scripting Vulnerabilities
PostNuke is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
PostNuke is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Exploit / POC
PostNuke Multiple Cross-Site Scripting Vulnerabilities
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution / Fix
PostNuke Multiple Cross-Site Scripting Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]
References
PostNuke Multiple Cross-Site Scripting Vulnerabilities
References:
References:
- PostNuke Homepage (PostNuke Development Team)