CVE-2006-0800
PostNuke 0.6x/0.7x NS-Languages Module - 'language' Cross-Site Scripting
Severity Score: 2.6 (CVSS v2)
Public Exploits: 2 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "<" character, which is interpreted as a ">" character by some web browsers but bypasses the blacklist protection in (1) the pnVarCleanFromInput function in pnAPI.php, (2) the pnSecureInput function in pnAntiCracker.php, and (3) the htmltext parameter in an edituser operation to user.php.
Credits: N/A
Timeline
- 2006-02-20 CVE Reserved
- 2006-02-20 CVE Published
- 2006-02-21 First Exploit
- 2024-06-11 EPSS Updated
- 2024-08-07 CVE Updated
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (8)
URL | Tag |
---|---|
http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0469.html | Mailing List |
http://securityreason.com/securityalert/454 | Third Party Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/24823 | Vdb Entry |

URL | Date |
---|---|
https://www.exploit-db.com/exploits/27254 | 2006-02-21 |
http://www.securityfocus.com/bid/16752 | 2024-08-07 |

URL | Date |
---|---|
http://news.postnuke.com/index.php?name=News&file=article&sid=2754 | 2017-07-20 |
http://secunia.com/advisories/18937 | 2017-07-20 |

URL | Date |
---|---|
http://www.vupen.com/english/advisories/2006/0673 | 2017-07-20 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Postnuke Software Foundation | Postnuke | 0.7 | - | Affected |
Postnuke Software Foundation | Postnuke | 0.62 | - | Affected |
Postnuke Software Foundation | Postnuke | 0.63 | - | Affected |
Postnuke Software Foundation | Postnuke | 0.64 | - | Affected |
Postnuke Software Foundation | Postnuke | 0.70 | - | Affected |
Postnuke Software Foundation | Postnuke | 0.71 | - | Affected |
Postnuke Software Foundation | Postnuke | 0.72 | - | Affected |
Postnuke Software Foundation | Postnuke | 0.73 | - | Affected |
Postnuke Software Foundation | Postnuke | 0.74 | - | Affected |
Postnuke Software Foundation | Postnuke | 0.75 | - | Affected |
Postnuke Software Foundation | Postnuke | 0.75_rc3 | - | Affected |
Postnuke Software Foundation | Postnuke | 0.76_rc4 | - | Affected |
Postnuke Software Foundation | Postnuke | 0.76_rc4a | - | Affected |
Postnuke Software Foundation | Postnuke | 0.76_rc4b | - | Affected |
Postnuke Software Foundation | Postnuke | 0.703 | - | Affected |
Postnuke Software Foundation | Postnuke | 0.721 | - | Affected |
Postnuke Software Foundation | Postnuke | 0.726.3 | - | Affected |
Postnuke Software Foundation | Postnuke | 0.761 | - | Affected |
Postnuke Software Foundation | Postnuke | 0.761a | - | Affected |