PostNuke News Module article.php sid Parameter XSS

medium Nessus Plugin ID 14727

Language:

Synopsis

A remote web application is vulnerable to cross-site scripting.

Description

The remote host is running a version of PostNuke which contains the 'News' module which itself is vulnerable to a cross-site scripting issue.

An attacker may use these flaws to steal the cookies of the legitimate users of this website.

Solution

Upgrade to the latest version of postnuke

Plugin Details

Severity: Medium

ID: 14727

File Name: postnuke_news_xss.nasl

Version: 1.22

Type: remote

Family: CGI abuses : XSS

Published: 9/15/2004

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:postnuke_software_foundation:postnuke

Required KB Items: www/postnuke

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 11/8/2002

Reference Information

BID: 5809

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990

Detections

Analytics