CVE-2005-0616 - Multiple cross-site scripting (XSS) vulnerabilities in the Download module for PostNuke 0.750 and 0.

CVE-2005-0616

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the Download module for PostNuke 0.750 and 0.760-RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) Program name, (2) File link, (3) Author name (4) Author e-mail address, (5) File size, (6) Version, or (7) Home page variables.

References

Vulnerable Configurations

cpe:2.3:a:postnuke_software_foundation:postnuke_phoenix:0.750:*:*:*:*:*:*:*
cpe:2.3:a:postnuke_software_foundation:postnuke_phoenix:0.750:*:*:*:*:*:*:*
cpe:2.3:a:postnuke_software_foundation:postnuke_phoenix:0.760_rc2:*:*:*:*:*:*:*
cpe:2.3:a:postnuke_software_foundation:postnuke_phoenix:0.760_rc2:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 18-10-2016 - 03:13)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bugtraq	20050228 [SECURITYREASON.COM] PostNuke Critical XSS 0.760-RC2=>x cXIb8O3.2
confirm	http://news.postnuke.com/Article2669.html
sectrack	1013324

Last major update

18-10-2016 - 03:13

Published

28-02-2005 - 05:00

Last modified

18-10-2016 - 03:13