PostNuke user.php htmltext Variable XSS

2005-08-22T04:50:30
ID OSVDB:18972
Type osvdb
Reporter OSVDB
Modified 2005-08-22T04:50:30

Description

Manual Testing Notes

http://[target]/PostNuke-0.760-RC4b/html/user.php?op=edituser&htmltext=<h1>xss

References:

Vendor URL: http://www.postnuke.com/ Vendor Specific News/Changelog Entry: http://news.postnuke.com/index.php?name=News&file=article&sid=2754 Secunia Advisory ID:18937 Secunia Advisory ID:16534 Related OSVDB ID: 18971 Related OSVDB ID: 18970 Other Advisory URL: http://www.securityreason.com/adv/PN15.asc Other Advisory URL: http://securityreason.com/achievement_securityalert/33 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0288.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html Keyword: cXIb8O3 CVE-2005-2689 Bugtraq ID: 14635