FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

postnuke -- cross-site scripting (XSS) vulnerabilities

Affected packages
postnuke < 0.760

Details

VuXML ID 7e580822-8cd8-11d9-8c81-000a95bc6fae
Discovery 2005-02-28
Entry 2005-03-04

A cross-site scripting vulnerability is present in the PostNuke PHP content management system. By injecting data through exploitable errors in input validation, an attacker can insert code that will run on the machine of anybody viewing the page. This attack could feasibly be used to retrieve session information from cookies, thereby allowing the attacker to gain administrative access to the CMS.

References

CVE Name CVE-2005-0616
Message http://marc.theaimsgroup.com/?l=bugtraq&m=110962768300373
URL http://news.postnuke.com/Article2669.html