CVE-2005-1695: XSS
First published: Tue May 24 2005(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in the RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) rss_url parameter to magpie_slashbox.php, or the url parameter to (2) magpie_simple.php or (3) magpie_debug.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Postnuke Software Foundation Postnuke | =0.760_rc3 | |
| Postnuke Software Foundation Postnuke | =0.760_rc2 | |
| Postnuke Software Foundation Postnuke | =0.750 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-historical
- collector/nvd-index
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/description
- agent/tags
- agent/event
- vendor/postnuke software foundation
- canonical/postnuke software foundation postnuke
- version/postnuke software foundation postnuke/0.760_rc3
- version/postnuke software foundation postnuke/0.760_rc2
- version/postnuke software foundation postnuke/0.750