VID 21294
Severity 30
Port 80, ...
Protocol TCP
Class CGI
Detailed Description PostNuke, installed on the Web server, is vulnerable to a cross-site scripting vulnerability in the "openwindow.php" script.
PostNuke, developed by Francisco Burzi, is a PHP content management system with a MySQL database. Version 0.7.2.6 of PostNuke is vulnerable to a cross-site scripting vulnerability caused by improper filtering of input in the "openwindow.php" script. By sending a URL containing malicious script, a remote attacker could execute it in the target's web browser within the security context of the hosting site once the link is clicked. An attacker could use this vulnerability to steal the target's cookie-based authentication credentials. Version 0.7.2.6 of PostNuke is also vulnerable to multiple cross-site scripting vulnerabilities in the "Downloads" and "Web_Links" modules.

http://[target]/postnuke0726/modules.php?op=modload&name=Downloads&file=index&req=ratedownload&ttitle=x&lid=>[xss code here]
http://[target]/postnuke0726/modules.php?op=modload&name=Downloads&file=index&req=search&query=>[xss code here]
http://[target]/postnuke0726/modules.php?op=modload&name=Web_Links&file=index&req=search&query=>[xss code here]
http://[target]/postnuke0726/javascript/openwindow.php?hlpfile=x<html><body>[xss code here]
http://[target]/postnuke0726/javascript/openwindow.php?hlpfile=x<html><body%20onload=alert(document.cookie);>
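
The request patterns above can be searched for in web server access logs. The following Python code is an added example, not part of the original advisory or of PostNuke; it assumes combined-format access logs, covers only query-string parameters, and its function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script -> parameters that the advisory's example URLs show being reflected.
WATCHED = {"modules.php": {"lid", "query"}, "openwindow.php": {"hlpfile"}}
MODULES = {"Downloads", "Web_Links"}  # modules named in the advisory
MARKUP = re.compile(r"[<>]")          # angle brackets, as in the example URLs
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(log_line):
    """Return the watched parameters whose decoded value contains markup."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    script = url.path.rsplit("/", 1)[-1].lower()
    params = parse_qsl(url.query, keep_blank_values=True)  # decodes once
    if script == "modules.php" and not MODULES & {v for k, v in params if k == "name"}:
        return []
    watched = WATCHED.get(script, set())
    # unquote() decodes a second time so double-encoded values (%253C) are caught.
    return sorted({k for k, v in params if k in watched and MARKUP.search(unquote(v))})

def scan(lines):
    """Return (line_number, parameters) for every log line that matches."""
    hits = ((n, suspicious_params(line)) for n, line in enumerate(lines, 1))
    return [(n, names) for n, names in hits if names]

# Constructed sample log (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2004:10:01:00 +0000] "GET /postnuke0726/modules.php'
    '?op=modload&name=Downloads&file=index&req=search&query=firewall HTTP/1.1" 200 5120',
    '192.0.2.11 - - [12/Mar/2004:10:02:00 +0000] "GET /postnuke0726/javascript/openwindow.php'
    '?hlpfile=x%3Chtml%3E%3Cbody%20onload=alert(document.cookie);%3E HTTP/1.1" 200 310',
    '192.0.2.12 - - [12/Mar/2004:10:03:00 +0000] "GET /postnuke0726/modules.php'
    '?op=modload&name=Web_Links&file=index&req=search&query=%253Cb%253E HTTP/1.1" 200 4800',
    '192.0.2.13 - - [12/Mar/2004:10:04:00 +0000] "GET /postnuke0726/modules.php'
    '?op=modload&name=News&file=index&query=%3Cb%3E HTTP/1.1" 200 4100',
    '192.0.2.14 - - [12/Mar/2004:10:05:00 +0000] "GET /postnuke0726/modules.php'
    '?op=modload&name=Downloads&file=index&req=ratedownload&ttitle=x&lid=%3E%3Cb%3E HTTP/1.1" 200 4900',
]

if __name__ == "__main__":
    for number, names in scan(SAMPLE_LOG):
        print(f"line {number}: markup in {', '.join(names)}")
```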

* References:
http://archives.neohapsis.com/archives/fulldisclosure/2004-03/2336.html

* Platforms Affected:
PostNuke Phoenix 0.7.2.6
UNIX/Linux Any version
Windows Any version
Recommendation No patch or upgrade is available for this vulnerability as of June 2014.
Related URL CVE-2004-1957 (CVE)
Related URL 10191 (SecurityFocus)
Related URL 15934 (ISS)