CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 0CVE-2006-0802
https://notcve.org/view.php?id=CVE-2006-0802
Cross-site scripting (XSS) vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is enabled, allows remote attackers to inject arbitrary web script or HTML via the language parameter in a missing or translation operation. • http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html http://news.postnuke.com/index.php?name=News&file=article&sid=2754 http://secunia.com/advisories/18937 http://securityreason.com/securityalert/454 http://www.securityfocus.com/bid/16752 http://www.vupen.com/english/advisories/2006/0673 https://exchange.xforce.ibmcloud.com/vulnerabilities/24823 •
CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 1CVE-2005-1778
https://notcve.org/view.php?id=CVE-2005-1778
Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to inject arbitrary web script or HTML via the start parameter. • http://marc.info/?l=bugtraq&m=111721364707520&w=2 http://news.postnuke.com/Article2691.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2005-1777 – PostNuke 0.750 - 'readpmsg.php' SQL Injection
https://notcve.org/view.php?id=CVE-2005-1777
SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to execute arbitrary SQL commands via the start parameter. • https://www.exploit-db.com/exploits/1030 http://marc.info/?l=bugtraq&m=111721364707520&w=2 http://news.postnuke.com/Article2691.html http://securitytracker.com/id?1014066 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2005-1698
https://notcve.org/view.php?id=CVE-2005-1698
PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain sensitive information via a direct request to (1) theme.php or (2) Xanthia.php in the Xanthia module, (3) user.php, (4) thelang.php, (5) text.php, (6) html.php, (7) menu.php, (8) finclude.php, or (9) button.php in the pnblocks directory in the Blocks module, (10) config.php in the NS-Multisites (aka Multisites) module, or (11) xmlrpc.php, which reveals the path in an error message. • http://marc.info/?l=bugtraq&m=111670506926649&w=2 • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2005-1694
https://notcve.org/view.php?id=CVE-2005-1694
Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia module in PostNuke 0.750 allow remote attackers to execute arbitrary SQL commands via the (1) name or (2) module parameter. • http://marc.info/?l=bugtraq&m=111670823128472&w=2 http://news.postnuke.com/modules.php?op=modload&name=News&file=article&sid=2691 •