Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 allows remote attackers to inject arbitrary web script or HTML via the uname parameter.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Postnuke | Postnuke_software_foundation | 0.62 (including) | 0.62 (including) |
| Postnuke | Postnuke_software_foundation | 0.63 (including) | 0.63 (including) |
| Postnuke | Postnuke_software_foundation | 0.64 (including) | 0.64 (including) |
References
- http://online.securityfocus.com/archive/1/245691
- http://online.securityfocus.com/archive/82/243545
- http://www.iss.net/security_center/static/7654.php
- http://www.securityfocus.com/bid/3609
- http://online.securityfocus.com/archive/1/245691
- http://online.securityfocus.com/archive/82/243545
- http://www.iss.net/security_center/static/7654.php
- http://www.securityfocus.com/bid/3609