CVE-2005-1695

Name of the Vulnerable Software and Affected Versions PostNuke versions 0.750 through 0.760RC3

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the RSS module. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the vulnerabilities can be exploited through the rss url parameter to "magpie slashbox.php", or the url parameter to "magpie simple.php" or "magpie debug.php".

Recommendations For PostNuke versions 0.750 through 0.760RC3, consider restricting access to the RSS module until a patch is available. As a temporary workaround, avoid using the rss url parameter in "magpie slashbox.php" and the url parameter in "magpie simple.php" or "magpie debug.php" to minimize the risk of exploitation.