CVE-2004-1957: XSS
First published: Wed Apr 21 2004(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.726 allows remote attackers to inject arbitrary web script or HTML via the (1) lid and query parameters to the Downloads module, (2) query parameter to the Web_links module, or (3) hlpfile parameter to openwindow.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Postnuke Software Foundation Pnphpbb | =0.726 | |
| Postnuke Software Foundation Pnphpbb | =0.726 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2004-1957?
CVE-2004-1957 is classified as a medium severity vulnerability due to its ability to execute scripts remotely.
How do I fix CVE-2004-1957?
To fix CVE-2004-1957, update your PostNuke installation to a version beyond 0.726 that addresses these cross-site scripting vulnerabilities.
What are the affected components in CVE-2004-1957?
CVE-2004-1957 affects the Downloads and Web_links modules as well as openwindow.php in PostNuke version 0.726.
Who can exploit CVE-2004-1957?
CVE-2004-1957 can be exploited by remote attackers with knowledge of the URL parameters to inject arbitrary web scripts.
What kind of attacks can CVE-2004-1957 enable?
CVE-2004-1957 can enable cross-site scripting (XSS) attacks which may compromise user security and session integrity.
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/postnuke software foundation
- canonical/postnuke software foundation pnphpbb
- version/postnuke software foundation pnphpbb/0.726