CVE-2005-1049

Name of the Vulnerable Software and Affected Versions PostNuke versions 0.760-RC3

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the module parameter to "admin.php" or the op parameter to "user.php". Note that the vendor reports certain issues could not be reproduced for 760 RC3 or for .750. However, the issue with "op/user.php" exists when the pnAntiCracker setting is disabled.

Recommendations For PostNuke version 0.760-RC3, consider disabling the pnAntiCracker setting to prevent exploitation until a patch is available. Restrict access to the "admin.php" and "user.php" modules to minimize the risk of exploitation. Avoid using the module and op parameters in the affected API endpoints until the issue is resolved.