CVE-2005-2689

Name of the Vulnerable Software and Affected Versions PostNuke versions 0.760-RC4b

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This can be achieved via the moderate parameter to the Comments module or the htmltext parameter to the html/user.php endpoint.

Recommendations For PostNuke version 0.760-RC4b, as a temporary workaround, consider restricting access to the Comments module and the html/user.php endpoint until a patch is available. Avoid using the moderate and htmltext parameters in the affected modules until the issue is resolved.