4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
58.4%
A cross-site scripting vulnerability is present in the
PostNuke PHP content management system. By passing data
injected through exploitable errors in input validation, an
attacker can insert code which will run on the machine of
anybody viewing the page. It is feasible that this attack
could be used to retrieve session information from cookies,
thereby allowing the attacker to gain administrative access
to the CMS.