PostNuke NS-Languages Module language Variable XSS

ID OSVDB:23436
Type osvdb
Reporter OSVDB
Modified 2006-02-19T05:32:43


Solution Description

Upgrade to version .762 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[target]/[path]/admin.php?module=NS-Languages&op=missing&language=">[XSS] http://[target]/[path]/admin.php?module=NS-Languages&op=translation&language=[XSS]


Vendor URL: Vendor Specific News/Changelog Entry: Secunia Advisory ID:18937 Related OSVDB ID: 23433 Related OSVDB ID: 23435 Related OSVDB ID: 23434 Other Advisory URL: Mail List Post: FrSIRT Advisory: ADV-2006-0673 CVE-2006-0802 CVE-2006-0800 Bugtraq ID: 16752