Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-0800

CWE-79 — Cross-site Scripting (XSS)9 documents5 sources

Severity

2.6LOW

EPSS

7.5%

top 8.21%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Postnuke Software Foundation Postnuke

Timeline

PublishedFeb 20

Latest updateMay 1

Description

Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "" character by some web browsers but bypasses the blacklist protection in (1) the pnVarCleanFromInput function in pnAPI.php, (2) the pnSecureInput function in pnAntiCracker.php, and (3) the htmltext parameter in an edituser operation to user.php.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages1 packages

▶NVDpostnuke_software_foundation/postnuke19 versions+18

Patches

Patch: news.postnuke.com ↗Patch: secunia.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-79gg-fg79-5cf7: Interpretation conflict in PostNuke 0↗2022-05-01

▶

CVEList

CVE-2006-0800: Interpretation conflict in PostNuke 0↗2006-02-20

▶

💥Exploits & PoCs

Exploit-DB

PostNuke 0.6x/0.7x NS-Languages Module - 'language' Cross-Site Scripting↗2006-02-21

▶