CVE-2002-1996

4 documents4 sources

Severity

2.6LOW

EPSS

0.5%

top 33.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Postnuke Software Foundation Postnuke

Timeline

PublishedDec 31

Latest updateApr 30

Description

Cross-site scripting (XSS) vulnerability in PostNuke 0.71 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name parameter in modules.php and (2) catid parameter in index.php.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages1 packages

▶NVDpostnuke_software_foundation/postnuke7 versions+6

Patches

Patch: archives.neohapsis.com ↗Patch: www.iss.net ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-2pr3-6gwh-9gvq: Cross-site scripting (XSS) vulnerability in PostNuke 0↗2022-04-30

▶

CVEList

CVE-2002-1996: Cross-site scripting (XSS) vulnerability in PostNuke 0↗2005-07-14

▶

💥Exploits & PoCs

Exploit-DB

Webster HTTP Server - GET Buffer Overflow (Metasploit)↗2010-11-03

▶