Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 2.6
CVE Id CVE-2005-1049
Last Modified 05 Sep 2008 04:48:04
Published 02 May 2005 12:00:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2005-1049

Summary

Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) module parameter to admin.php or (2) op parameter to user.php. NOTE: the vendor reports that certain issues could not be reproduced for 760 RC3, or for .750. However, the op/user.php issue exists when the pnAntiCracker setting is disabled.

Vulnerable Systems

Application

  • PostNuke Software Foundation PostNuke 0.760 RC3


References

BID - 13076

SECUNIA - 14868

MISC - http://news.postnuke.com/modules.php?op=modload&name=News&file=article&sid=2679

MISC - http://cvs.postnuke.com/viewcvs.cgi/Historic_PostNuke_Library/postnuke-devel/html/user.php.diff?r1=1.18&r2=1.19

XF - postnuke-adminphp-userphp-xss(20018)

BID - 13075

OSVDB - 15370

SECTRACK - 1013670

BUGTRAQ - 20050408 Sql injection, xss and path disclosure vulnerabilities in PostNuke 0.760-RC3


Last Updated: 27 May 2016 10:40:01