Page 2 of 16 results (0.007 seconds)

CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is enabled, allows remote attackers to inject arbitrary web script or HTML via the language parameter in a missing or translation operation. • http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html http://news.postnuke.com/index.php?name=News&file=article&sid=2754 http://secunia.com/advisories/18937 http://securityreason.com/securityalert/454 http://www.securityfocus.com/bid/16752 http://www.vupen.com/english/advisories/2006/0673 https://exchange.xforce.ibmcloud.com/vulnerabilities/24823 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to execute arbitrary SQL commands via the start parameter. • https://www.exploit-db.com/exploits/1030 http://marc.info/?l=bugtraq&m=111721364707520&w=2 http://news.postnuke.com/Article2691.html http://securitytracker.com/id?1014066 •

CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 1

Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to inject arbitrary web script or HTML via the start parameter. • http://marc.info/?l=bugtraq&m=111721364707520&w=2 http://news.postnuke.com/Article2691.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 2.6EPSS: 0%CPEs: 3EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) rss_url parameter to magpie_slashbox.php, or the url parameter to (2) magpie_simple.php or (3) magpie_debug.php. • http://marc.info/?l=bugtraq&m=111670482500552&w=2 http://marc.info/?l=bugtraq&m=111670506926649&w=2 http://news.postnuke.com/modules.php?op=modload&name=News&file=article&sid=2691 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia module in PostNuke 0.750 allow remote attackers to execute arbitrary SQL commands via the (1) name or (2) module parameter. • http://marc.info/?l=bugtraq&m=111670823128472&w=2 http://news.postnuke.com/modules.php?op=modload&name=News&file=article&sid=2691 •