PostNuke 0.723 - Multiple Cross-Site Scripting Vulnerabilities

ID EDB-ID:22761
Type exploitdb
Reporter David F. Madrid
Modified 2003-06-13T00:00:00


PostNuke 0.723 Multiple Cross-Site Scripting Vulnerabilities. Webapps exploit for php platform


The PostNuke 'modules.php' script does not sufficiently sanitize data supplied via URI parameters, making it prone to cross-site scripting attacks. This could allow for execution of hostile HTML and script code in the web client of a user who visits a web page that contains the malicious code.

Exploitation could allow for theft of cookie-based authentication credentials. Other attacks are also possible.