PostNuke Phoenix 0.726 openwindow.php hlpfile Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/10191/info Multiple vulnerabilities were reported to exist in PostNuke Phoenix. The following specific vulnerabilities were reported: - Multiple path disclosure vulnerabilities that occur when a user directly requests...

PostNuke 0.72/0.75 Reviews Module Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10802/info PostNuke is reported prone to a cross-site scripting vulnerability. This issue affects the 'title' parameter of 'Reviews' script. Exploitation of this issue could allow for theft of cookie-based authentication...

CVE-2004-1957

Multiple XSS vulnerabilities affect PostNuke 0.726. Affected vectors include (1) lid and a query parameter to the Downloads module, (2) a query parameter to the Web_links module, and (3) the hlpfile parameter to openwindow.php, enabling remote attackers to inject arbitrary web script or HTML. The...

CVE-2004-2751

SQL injection vulnerability in the memberslist module in PostNuke 0.726, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the sortby parameter...