CVE Vulnerabilities

CVE-2005-0616

Published: Feb 28, 2005 | Modified: Oct 18, 2016
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

Multiple cross-site scripting (XSS) vulnerabilities in the Download module for PostNuke 0.750 and 0.760-RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) Program name, (2) File link, (3) Author name (4) Author e-mail address, (5) File size, (6) Version, or (7) Home page variables.

Affected Software

Name Vendor Start Version End Version
Postnuke_phoenix Postnuke_software_foundation 0.750 0.750
Postnuke_phoenix Postnuke_software_foundation 0.760_rc2 0.760_rc2

References