PostNuke News Module article.php sid Parameter XSS

medium Nessus Plugin ID 14727

Language:

Synopsis

A remote web application is vulnerable to cross-site scripting.

Description

The remote host is running a version of PostNuke which contains the 'News' module which itself is vulnerable to a cross-site scripting issue.

An attacker may use these flaws to steal the cookies of the legitimate users of this website.

Solution

Upgrade to the latest version of postnuke

Plugin Details

Severity: Medium

ID: 14727

File Name: postnuke_news_xss.nasl

Version: 1.23

Type: remote

Family: CGI abuses : XSS

Published: 9/15/2004

Updated: 6/4/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Vulnerability Information

CPE: cpe:/a:postnuke_software_foundation:postnuke

Required KB Items: www/postnuke

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 11/8/2002

Reference Information

BID: 5809

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990

Detections

Analytics