Vendor: PostNuke
By: Unknown
CVSS: 5.5 (MEDIUM)
CWE: 79 (Cross-Site Scripting)
Product Name: PostNuke
Affected Version From: 0.726-3
Affected Version To: 0.75-RC3
Patch Exists: NO
Related CWE: Unknown
CPE: a:postnuke:postnuke
Platforms Tested: Unknown
Cross-Site Scripting Vulnerability in PostNuke
The 'title' parameter of the 'Reviews' script in PostNuke is prone to a cross-site scripting vulnerability. Exploiting this vulnerability could lead to the theft of cookie-based authentication credentials and other possible attacks.
Mitigation:
To mitigate this vulnerability, it is recommended to sanitize user input before using it in any output context. Developers should also consider implementing Content Security Policy (CSP) to prevent cross-site scripting attacks.