Lucene search

MitreCVE-2002-1996

HistoryJul 14, 2005 - 4:00 a.m.

CVE-2002-1996

2005-07-1404:00:00

mitre

web.nvd.nist.gov

cve-2002-1996

cross-site scripting

xss

postnuke 0.71

vulnerability

web script

html

remote attackers

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.018

Percentile

88.4%

JSON

Cross-site scripting (XSS) vulnerability in PostNuke 0.71 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name parameter in modules.php and (2) catid parameter in index.php.

Affected configurations

Nvd

Node

postnuke_software_foundationpostnukeMatch0.7

postnuke_software_foundationpostnukeMatch0.62

postnuke_software_foundationpostnukeMatch0.63

postnuke_software_foundationpostnukeMatch0.64

postnuke_software_foundationpostnukeMatch0.70

postnuke_software_foundationpostnukeMatch0.71

postnuke_software_foundationpostnukeMatch0.703

VendorProductVersionCPE
postnuke_software_foundationpostnuke0.7cpe:2.3:a:postnuke_software_foundation:postnuke:0.7:*:*:*:*:*:*:*
postnuke_software_foundationpostnuke0.62cpe:2.3:a:postnuke_software_foundation:postnuke:0.62:*:*:*:*:*:*:*
postnuke_software_foundationpostnuke0.63cpe:2.3:a:postnuke_software_foundation:postnuke:0.63:*:*:*:*:*:*:*
postnuke_software_foundationpostnuke0.64cpe:2.3:a:postnuke_software_foundation:postnuke:0.64:*:*:*:*:*:*:*
postnuke_software_foundationpostnuke0.70cpe:2.3:a:postnuke_software_foundation:postnuke:0.70:*:*:*:*:*:*:*
postnuke_software_foundationpostnuke0.71cpe:2.3:a:postnuke_software_foundation:postnuke:0.71:*:*:*:*:*:*:*
postnuke_software_foundationpostnuke0.703cpe:2.3:a:postnuke_software_foundation:postnuke:0.703:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
postnuke_software_foundation	postnuke	0.7	cpe:2.3:a:postnuke_software_foundation:postnuke:0.7:::::::*
postnuke_software_foundation	postnuke	0.62	cpe:2.3:a:postnuke_software_foundation:postnuke:0.62:::::::*
postnuke_software_foundation	postnuke	0.63	cpe:2.3:a:postnuke_software_foundation:postnuke:0.63:::::::*
postnuke_software_foundation	postnuke	0.64	cpe:2.3:a:postnuke_software_foundation:postnuke:0.64:::::::*
postnuke_software_foundation	postnuke	0.70	cpe:2.3:a:postnuke_software_foundation:postnuke:0.70:::::::*
postnuke_software_foundation	postnuke	0.71	cpe:2.3:a:postnuke_software_foundation:postnuke:0.71:::::::*
postnuke_software_foundation	postnuke	0.703	cpe:2.3:a:postnuke_software_foundation:postnuke:0.703:::::::*

References

archives.neohapsis.com/archives/bugtraq/2002-03/0288.html

archives.neohapsis.com/archives/bugtraq/2002-03/0299.html

sourceforge.net/tracker/index.php?func=detail&aid=524777&group_id=27927&atid=392228

www.iss.net/security_center/static/8605.php

www.securityfocus.com/bid/4350

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.018

Percentile

88.4%

JSON

Related for CVE-2002-1996