CVE-2006-0800

Postnuke - XSS

Title source: rule

Description

Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "<" character, which is interpreted as a ">" character by some web browsers but bypasses the blacklist protection in (1) the pnVarCleanFromInput function in pnAPI.php, (2) the pnSecureInput function in pnAntiCracker.php, and (3) the htmltext parameter in an edituser operation to user.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Maksymilian Arciemowicz · textwebappsphp

https://www.exploit-db.com/exploits/27254

View Code ZIP pw:eip

References (7)

[Third Party Advisory] http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html

[Patch] http://news.postnuke.com/index.php?name=News&file=article&sid=2754

[Patch, Vendor Advisory] http://secunia.com/advisories/18937

[Exploit, Patch] http://www.securityfocus.com/bid/16752

[Vendor Advisory] http://www.vupen.com/english/advisories/2006/0673

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/24823

[Third Party Advisory] http://securityreason.com/securityalert/454

Scores

EPSS 0.0747

EPSS Percentile 91.6%

Classification

CWE

CWE-79

Status draft

Affected Products (19)

postnuke_software_foundation/postnuke

postnuke_software_foundation/postnuke

postnuke_software_foundation/postnuke

postnuke_software_foundation/postnuke

postnuke_software_foundation/postnuke

postnuke_software_foundation/postnuke

postnuke_software_foundation/postnuke

postnuke_software_foundation/postnuke

postnuke_software_foundation/postnuke

postnuke_software_foundation/postnuke

postnuke_software_foundation/postnuke

postnuke_software_foundation/postnuke

postnuke_software_foundation/postnuke

postnuke_software_foundation/postnuke

postnuke_software_foundation/postnuke

... and 4 more

Timeline

Published Feb 20, 2006

Tracked Since Feb 18, 2026