PostNuke RSS Module magpie_simple.php url Variable XSS

2005-05-21T11:01:41
ID OSVDB:16797
Type osvdb
Reporter OSVDB
Modified 2005-05-21T11:01:41

Description

Solution Description

Upgrade to version 0.750b or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[victim]/[DIR]/modules/RSS/pnincludes/scripts/magpie_simple.php?url=">[XSS]

References:

Vendor URL: http://www.postnuke.com/ Secunia Advisory ID:15450 Other Advisory URL: http://news.postnuke.com/Article2691.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-05/0254.html CVE-2005-1695