CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2005-1696

Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 and 0.760RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) skin or (2) paletteid parameter to demo.php in the Xanthia module, or (3) the serverName parameter to config.php in the Multisites (aka NS-Multisites) module.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 52.6%

CVSS Severity

CVSS v2 Score 2.6

References

http://marc.info/?l=bugtraq&m=111670506926649&w=2
http://news.postnuke.com/modules.php?op=modload&name=News&file=article&sid=2691
http://marc.info/?l=bugtraq&m=111670506926649&w=2
http://news.postnuke.com/modules.php?op=modload&name=News&file=article&sid=2691

Products affected by CVE-2005-1696

Postnuke Software Foundation » Postnuke » Version: 0.750

cpe:2.3:a:postnuke_software_foundation:postnuke:0.750
Postnuke Software Foundation » Postnuke » Version: 0.760_rc3

cpe:2.3:a:postnuke_software_foundation:postnuke:0.760_rc3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2005-1696

Products

Pricing

Contact Us