CVE-2005-0616

Name of the Vulnerable Software and Affected Versions PostNuke versions 0.750 through 0.760-RC2

Description The issue allows remote attackers to inject arbitrary web script or HTML via several variables, including Program name, File link, Author name, Author e-mail address, File size, Version, or Home page.

Recommendations For PostNuke versions 0.750 through 0.760-RC2, as a temporary workaround, consider restricting user input for the Program name, File link, Author name, Author e-mail address, File size, Version, and Home page variables to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.