CVE-2004-1957

PostNuke 0.726 - Cross-Site Scripting via Downloads, Web_links, or openwindow.php Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2004-1957. PoCs published by Janek Vind, Lorenzo Hernandez Garcia-Hierro.

AI-analyzed exploit summary The provided text describes multiple vulnerabilities in PostNuke Phoenix, including path disclosure and cross-site scripting (XSS) issues. It includes example URLs demonstrating XSS exploitation via the 'hlpfile' parameter in openwindow.php.

Description

Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.726 allows remote attackers to inject arbitrary web script or HTML via the (1) lid and query parameters to the Downloads module, (2) query parameter to the Web_links module, or (3) hlpfile parameter to openwindow.php.

Exploits (2)

exploitdb WRITEUP VERIFIED
by Janek Vind · textwebappsphp
https://www.exploit-db.com/exploits/24037

The provided text describes multiple vulnerabilities in PostNuke Phoenix, including path disclosure and cross-site scripting (XSS) issues. It includes example URLs demonstrating XSS exploitation via the 'hlpfile' parameter in openwindow.php.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: PostNuke Phoenix
No auth needed
Prerequisites: Access to the target web application
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Lorenzo Hernandez Garcia-Hierro · textwebappsphp
https://www.exploit-db.com/exploits/22997

This is a writeup describing a cross-site scripting (XSS) vulnerability in PostNuke's Downloads and Web_Links modules. The vulnerability allows an attacker to inject malicious script code via a crafted URL, potentially leading to cookie theft.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: PostNuke (version not specified)
No auth needed
Prerequisites: Access to a vulnerable PostNuke instance · Ability to craft a malicious URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/10191
Exploit, Vendor Advisory x_refsource_misc
http://www.waraxe.us/index.php?modname=sa&id=22
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=108258902000472&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15934

Scores

EPSS 0.0459
EPSS Percentile 90.4%

Details

Status published
Published Apr 21, 2004
Tracked Since Feb 18, 2026