CVE-2005-2689

PostNuke 0.760-RC4b - Cross-Site Scripting via Comments Moderate Parameter or User HTML Text


Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-2689. PoCs published by Maksymilian Arciemowicz.

AI-analyzed exploit summary: This exploit demonstrates a cross-site scripting (XSS) vulnerability in PostNuke due to improper sanitization of user-supplied input in the 'moderate' parameter. The PoC shows how an attacker can inject malicious HTML/JavaScript into the application.

Description

Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC4b allow remote attackers to inject arbitrary web script or HTML via (1) the moderate parameter to the Comments module or (2) the htmltext parameter to html/user.php.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Maksymilian Arciemowicz · text · webapps · php
https://www.exploit-db.com/exploits/26187

This exploit demonstrates a cross-site scripting (XSS) vulnerability in PostNuke due to improper sanitization of user-supplied input in the 'moderate' parameter. The PoC shows how an attacker can inject malicious HTML/JavaScript into the application.

Classification: Working PoC (90%)
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: PostNuke (version not specified)
No auth needed
Prerequisites: Access to a vulnerable PostNuke instance
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Maksymilian Arciemowicz · text · webapps · php
https://www.exploit-db.com/exploits/26188

The provided code is a writeup describing a cross-site scripting (XSS) vulnerability in PostNuke 0.760-RC4b. It includes a proof-of-concept URL demonstrating the vulnerability but lacks executable exploit code.

Classification: Writeup (90%)
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: PostNuke 0.760-RC4b
No auth needed
Prerequisites: Access to a vulnerable PostNuke instance
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/408818
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/14635

Scores

EPSS 0.0143
EPSS Percentile 69.6%

Details

Status published
Products (1)
postnuke_software_foundation/postnuke 0.76_rc4b
Published Aug 24, 2005
Tracked Since Feb 18, 2026