Description
Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) module parameter to admin.php or (2) op parameter to user.php. NOTE: the vendor reports that certain issues could not be reproduced for 760 RC3, or for .750. However, the op/user.php issue exists when the pnAntiCracker setting is disabled.
Exploits (2)
References (10)
Core 10
Core References
Various Sources x_refsource_misc
http://digitalparadox.org/advisories/postnuke.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/15370
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111298226029957&w=2
Exploit, Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/13076
Exploit, Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/14868/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1013670
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/13075
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/20018
Patch, Vendor Advisory x_refsource_misc
http://news.postnuke.com/modules.php?op=modload&name=News&file=article&sid=2679
Scores
EPSS
0.1324
EPSS Percentile
94.2%
Details
Status
published
Products (1)
postnuke_software_foundation/postnuke
0.760_rc3
Published
May 02, 2005
Tracked Since
Feb 18, 2026