Lucene search

[email protected]CVE-2006-0800

HistoryFeb 20, 2006 - 10:02 p.m.

CVE-2006-0800

2006-02-2022:02:00

CWE-79

[email protected]

web.nvd.nist.gov

security

vulnerability

cve-2006-0800

postnuke

xss

remote attack

5.9 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

73.4%

JSON

Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing “<” character, which is interpreted as a “>” character by some web browsers but bypasses the blacklist protection in (1) the pnVarCleanFromInput function in pnAPI.php, (2) the pnSecureInput function in pnAntiCracker.php, and (3) the htmltext parameter in an edituser operation to user.php.

CPENameOperatorVersion
postnuke_software_foundation:postnukepostnuke software foundation postnukeeq0.71
postnuke_software_foundation:postnukepostnuke software foundation postnukeeq0.761
postnuke_software_foundation:postnukepostnuke software foundation postnukeeq0.63
postnuke_software_foundation:postnukepostnuke software foundation postnukeeq0.64
postnuke_software_foundation:postnukepostnuke software foundation postnukeeq0.703
postnuke_software_foundation:postnukepostnuke software foundation postnukeeq0.76_rc4b
postnuke_software_foundation:postnukepostnuke software foundation postnukeeq0.726.3
postnuke_software_foundation:postnukepostnuke software foundation postnukeeq0.76_rc4
postnuke_software_foundation:postnukepostnuke software foundation postnukeeq0.721
postnuke_software_foundation:postnukepostnuke software foundation postnukeeq0.75_rc3

CPE	Name	Operator	Version
postnuke_software_foundation:postnuke	postnuke software foundation postnuke	eq	0.71
postnuke_software_foundation:postnuke	postnuke software foundation postnuke	eq	0.761
postnuke_software_foundation:postnuke	postnuke software foundation postnuke	eq	0.63
postnuke_software_foundation:postnuke	postnuke software foundation postnuke	eq	0.64
postnuke_software_foundation:postnuke	postnuke software foundation postnuke	eq	0.703
postnuke_software_foundation:postnuke	postnuke software foundation postnuke	eq	0.76_rc4b
postnuke_software_foundation:postnuke	postnuke software foundation postnuke	eq	0.726.3
postnuke_software_foundation:postnuke	postnuke software foundation postnuke	eq	0.76_rc4
postnuke_software_foundation:postnuke	postnuke software foundation postnuke	eq	0.721
postnuke_software_foundation:postnuke	postnuke software foundation postnuke	eq	0.75_rc3

Rows per page:

1-10 of 191

References

archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html

news.postnuke.com/index.php?name=News&file=article&sid=2754

secunia.com/advisories/18937

securityreason.com/securityalert/454

www.securityfocus.com/bid/16752

www.vupen.com/english/advisories/2006/0673

exchange.xforce.ibmcloud.com/vulnerabilities/24823

5.9 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

73.4%

JSON

Related for CVE-2006-0800

prion1 nessus1