CVE-2004-1957

Name of the Vulnerable Software and Affected Versions PostNuke version 0.726

Description The issue allows remote attackers to inject arbitrary web script or HTML, which can lead to multiple cross-site scripting (XSS) vulnerabilities. This can be achieved via the lid and query parameters to the Downloads module, the query parameter to the Web links module, or the hlpfile parameter to openwindow.php.

Recommendations For PostNuke version 0.726, as a temporary workaround, consider restricting access to the vulnerable parameters lid, query, and hlpfile until a patch is available. Avoid using these parameters in the affected modules and openwindow.php until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.