Lucene search

PRIOn knowledge basePRION:CVE-2006-0800

HistoryFeb 20, 2006 - 10:02 p.m.

Cross site scripting

2006-02-2022:02:00

PRIOn knowledge base

www.prio-n.com

5.9 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

73.1%

JSON

Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing “<” character, which is interpreted as a “>” character by some web browsers but bypasses the blacklist protection in (1) the pnVarCleanFromInput function in pnAPI.php, (2) the pnSecureInput function in pnAntiCracker.php, and (3) the htmltext parameter in an edituser operation to user.php.

CPENameOperatorVersion
postnukeeq0.71
postnukeeq0.761
postnukeeq0.63
postnukeeq0.64
postnukeeq0.703
postnukeeq0.76.0-rc4-b
postnukeeq0.726.3
postnukeeq0.76.0-rc4
postnukeeq0.721
postnukeeq0.75.0-rc3

Name	Operator	Version
postnuke	eq	0.71
postnuke	eq	0.761
postnuke	eq	0.63
postnuke	eq	0.64
postnuke	eq	0.703
postnuke	eq	0.76.0-rc4-b
postnuke	eq	0.726.3
postnuke	eq	0.76.0-rc4
postnuke	eq	0.721
postnuke	eq	0.75.0-rc3

Rows per page:

1-10 of 191

References

archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html

news.postnuke.com/index.php?name=News&file=article&sid=2754

secunia.com/advisories/18937

securityreason.com/securityalert/454

www.securityfocus.com/bid/16752

www.vupen.com/english/advisories/2006/0673

exchange.xforce.ibmcloud.com/vulnerabilities/24823

5.9 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

73.1%

JSON

Related for PRION:CVE-2006-0800