PostNuke < 0.760 RC4 Multiple Script XSS

low Nessus Plugin ID 18006

Synopsis

The remote web server contains a PHP script that is prone to cross-site scripting attacks.

Description

The version of PostNuke installed on the remote host fails to properly sanitize user input through the 'op' parameter of the 'user.php' script and the 'module' parameter of the 'admin.php' script before using it in dynamically-generated content. An attacker can exploit this flaw to inject arbitrary HTML and script code into the browser of unsuspecting users, leading to disclosure of session cookies and the like.

Solution

Upgrade to version 0.760 RC4 or later.

See Also

https://seclists.org/bugtraq/2005/Apr/118

https://marc.info/?l=bugtraq&m=111298226029957&w=2

Plugin Details

Severity: Low

ID: 18006

File Name: postnuke_op_and_module_xss.nasl

Version: 1.26

Type: remote

Published: 4/8/2005

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Low

Base Score: 2.6

Temporal Score: 2.3

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:postnuke_software_foundation:postnuke

Required KB Items: www/postnuke

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 4/8/2005

Reference Information

CVE: CVE-2005-1049

BID: 13075, 13076

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990