FreeBSD : postnuke -- XSS (XSS) vulnerabilities (7e580822-8cd8-11d9-8c81-000a95bc6fae)
Medium Nessus Plugin ID 18999
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionA cross-site scripting vulnerability is present in the PostNuke PHP content management system. By passing data injected through exploitable errors in input validation, an attacker can insert code which will run on the machine of anybody viewing the page. It is feasible that this attack could be used to retrieve session information from cookies, thereby allowing the attacker to gain administrative access to the CMS.
SolutionUpdate the affected package.