Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1957

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2004-1957
Last Modified 05 Sep 2008 04:42:48
Published 21 Apr 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2004-1957

Summary

Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.726 allows remote attackers to inject arbitrary web script or HTML via the (1) lid and query parameters to the Downloads module, (2) query parameter to the Web_links module, or (3) hlpfile parameter to openwindow.php.

Vulnerable Systems


References

XF - postnuke-openwindow-xss(15934)

MISC - http://www.waraxe.us/index.php?modname=sa&id=22

BID - 10191

BUGTRAQ - 20040421 [waraxe-2004-SA#022 - Multiple vulnerabilities in PostNuke 0.726 Phoenix - part 2]


Last Updated: 27 May 2016 10:39:15