Postnuke@0.64 Security Vulnerabilities and Issues — Postnuke@0.64 CVE List

Lucene search

Postnuke Software FoundationPostnuke0.64

6 matches found

CVE•added 2006/02/20 10:2 p.m.•51 views

CVE-2006-0800

Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "" character by some web browsers but bypasses the blacklist protection in (1) the pnVarCleanFromInput function in pnAPI.php, (2) the pnSecureInp...

2.6CVSS5.7AI score0.07475EPSS

CVE•added 2002/07/03 4:0 a.m.•44 views

CVE-2002-0535

Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier allows remote attackers to execute script as other users via (1) an [IMG] tag when BBCode is enabled, or (2) in a topic title.

5CVSS7.2AI score0.0792EPSS

CVE•added 2005/04/21 4:0 a.m.•40 views

CVE-2001-1460

SQL injection vulnerability in article.php in PostNuke 0.62 through 0.64 allows remote attackers to bypass authentication via the user parameter.

7.5CVSS8.3AI score0.03984EPSS

CVE•added 2002/02/02 5:0 a.m.•37 views

CVE-2001-0911

PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it.

7.5CVSS6.9AI score0.00043EPSS

CVE•added 2005/07/14 4:0 a.m.•36 views

CVE-2001-1521

Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 allows remote attackers to inject arbitrary web script or HTML via the uname parameter.

2.6CVSS6AI score0.00346EPSS

CVE•added 2005/07/14 4:0 a.m.•30 views

CVE-2002-1996

Cross-site scripting (XSS) vulnerability in PostNuke 0.71 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name parameter in modules.php and (2) catid parameter in index.php.

2.6CVSS6AI score0.00504EPSS