Postnuke@0.76 rc4b Security Vulnerabilities and Issues — Postnuke@0.76 rc4b CVE List

Lucene search

Postnuke Software FoundationPostnuke0.76 rc4b

4 matches found

CVE•added 2006/02/20 10:2 p.m.•51 views

CVE-2006-0800

Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "" character by some web browsers but bypasses the blacklist protection in (1) the pnVarCleanFromInput function in pnAPI.php, (2) the pnSecureInp...

2.6CVSS5.7AI score0.07475EPSS

CVE•added 2005/08/24 4:0 a.m.•45 views

CVE-2005-2690

SQL injection vulnerability in the Downloads module in PostNuke 0.760-RC4b allows PostNuke administrators to execute arbitrary SQL commands via the show parameter to dl-viewdownload.php.

7.5CVSS8.2AI score0.00274EPSS

CVE•added 2005/08/24 4:0 a.m.•44 views

CVE-2005-2689

Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC4b allows remote attackers to inject arbitrary web script or HTML via (1) the moderate parameter to the Comments module or (2) htmltext parameter to html/user.php.

2.6CVSS5.8AI score0.00321EPSS

CVE•added 2006/12/02 11:28 a.m.•32 views

CVE-2006-6233

SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. NOTE: this issue might have been in the viewdownloaddetails function in dl-downloaddetails.php, bu...

7.5CVSS8.8AI score0.00468EPSS