Description
Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "<" character, which is interpreted as a ">" character by some web browsers but bypasses the blacklist protection in (1) the pnVarCleanFromInput function in pnAPI.php, (2) the pnSecureInput function in pnAntiCracker.php, and (3) the htmltext parameter in an edituser operation to user.php.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Maksymilian Arciemowicz · textwebappsphp
https://www.exploit-db.com/exploits/27254
References (7)
Core 7
Core References
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0673
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/24823
Exploit, Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/16752
Patch x_refsource_confirm
http://news.postnuke.com/index.php?name=News&file=article&sid=2754
Third Party Advisory mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18937
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/454
Scores
EPSS
0.0747
EPSS Percentile
91.8%
Details
CWE
CWE-79
Status
published
Products (19)
postnuke_software_foundation/postnuke
0.7
postnuke_software_foundation/postnuke
0.62
postnuke_software_foundation/postnuke
0.63
postnuke_software_foundation/postnuke
0.64
postnuke_software_foundation/postnuke
0.70
postnuke_software_foundation/postnuke
0.71
postnuke_software_foundation/postnuke
0.72
postnuke_software_foundation/postnuke
0.73
postnuke_software_foundation/postnuke
0.74
postnuke_software_foundation/postnuke
0.75
... and 9 more
Published
Feb 20, 2006
Tracked Since
Feb 18, 2026