Page 8 of 38 results (0.003 seconds)

CVSS: 2.6EPSS: 0%CPEs: 3EXPL: 0

Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 allows remote attackers to inject arbitrary web script or HTML via the uname parameter. • http://online.securityfocus.com/archive/1/245691 http://online.securityfocus.com/archive/82/243545 http://www.iss.net/security_center/static/7654.php http://www.securityfocus.com/bid/3609 •

CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0

PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it. • http://marc.info/?l=bugtraq&m=100638850219503&w=2 http://www.securityfocus.com/bid/3567 https://exchange.xforce.ibmcloud.com/vulnerabilities/7596 •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 2

SQL injection vulnerability in article.php in PostNuke 0.62 through 0.64 allows remote attackers to bypass authentication via the user parameter. • https://www.exploit-db.com/exploits/21119 http://archives.neohapsis.com/archives/bugtraq/2001-10/0088.html http://archives.neohapsis.com/archives/bugtraq/2001-10/0091.html http://www.kb.cert.org/vuls/id/921547 http://www.securityfocus.com/bid/3435 https://exchange.xforce.ibmcloud.com/vulnerabilities/7280 •