NVD

Id
59530  
Name
CVE-2006-0800  
Description
Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "<" character, which is interpreted as a ">" character by some web browsers but bypasses the blacklist protection in (1) the pnVarCleanFromInput function in pnAPI.php, (2) the pnSecureInput function in pnAntiCracker.php, and (3) the htmltext parameter in an edituser operation to user.php.  
Reject
 
CVSS Version
2  
CVSS Score
2.6  
Severity
Low  
CVSS Base Score
2.6  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
4.9  
CVSS Vector
(AV:N/AC:H/Au:N/C:N/I:P/A:N)  
Pub Date
2016-12-20  
Published
2006-02-20  
Modified Date
2011-10-11  
Seq
2006-0800  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
306177 59530 CVE-2006-0800 20060219 Multiple vulnerabilities in PostNuke <= 0.761  View
306178 59530 CVE-2006-0800 http://news.postnuke.com/index.php?name=News&file=article&sid=2754  View
306179 59530 CVE-2006-0800 454  View
306180 59530 CVE-2006-0800 16752  View
306181 59530 CVE-2006-0800 ADV-2006-0673  View
306182 59530 CVE-2006-0800 postnuke-user-nslanguages-xss(24823)  View

Related JVN