CVE-2006-0800

PostNuke <= 0.761 - Cross-Site Scripting via HTML Tag Trailing '<' Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0800. PoCs published by Maksymilian Arciemowicz.

AI-analyzed exploit summary The provided text describes input-validation vulnerabilities in PostNuke, specifically in the 'NS-Languages' module, which could lead to various attacks such as XSS or data manipulation. It includes example URLs demonstrating potential exploitation vectors.

Description

Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "<" character, which is interpreted as a ">" character by some web browsers but bypasses the blacklist protection in (1) the pnVarCleanFromInput function in pnAPI.php, (2) the pnSecureInput function in pnAntiCracker.php, and (3) the htmltext parameter in an edituser operation to user.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Maksymilian Arciemowicz · textwebappsphp

https://www.exploit-db.com/exploits/27254

View Code ZIP pw:eip

The provided text describes input-validation vulnerabilities in PostNuke, specifically in the 'NS-Languages' module, which could lead to various attacks such as XSS or data manipulation. It includes example URLs demonstrating potential exploitation vectors.

Classification

Writeup 80%

Attack Type

Xss

Complexity

Trivial

Reliability

Theoretical

Target: PostNuke (version not specified)

Auth required

Prerequisites: Access to admin.php with appropriate module parameters · User-supplied input not properly sanitized

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7

Core References

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/0673

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/24823

Exploit, Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/16752

Patch x_refsource_confirm

http://news.postnuke.com/index.php?name=News&file=article&sid=2754

Third Party Advisory mailing-list x_refsource_fulldisc

http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html

Patch, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/18937

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/454

Scores

EPSS 0.0213

EPSS Percentile 79.5%

Details

CWE

CWE-79

Status published

Products (19)

postnuke_software_foundation/postnuke 0.7

postnuke_software_foundation/postnuke 0.62

postnuke_software_foundation/postnuke 0.63

postnuke_software_foundation/postnuke 0.64

postnuke_software_foundation/postnuke 0.70

postnuke_software_foundation/postnuke 0.71

postnuke_software_foundation/postnuke 0.72

postnuke_software_foundation/postnuke 0.73

postnuke_software_foundation/postnuke 0.74

postnuke_software_foundation/postnuke 0.75

... and 9 more

Published Feb 20, 2006

Tracked Since Feb 18, 2026